Slow Windows XP, CPU 100% all the time, end of my tether!

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Slow Windows XP, CPU 100% all the time, end of my tether! tried as many fixes as I could but no dice

#1 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 03 September 2011 - 09:10 AM

Hi folks, at the end of my tether with a laptop running Windows XP Professional. I'm pretty sure this came about after a BSOD. Boot up is ridiculously slow, hangs after splash screen and generally CPU maxed out all the time. I've tried as many fixes as I could from the recommendations here and some improvement but not much. I tried a Repair Install today (off a USB, mind) and it says it was too corrupted to do it!! No idea what to do next. Important work in the next few weeks so can't afford time for a clean install right now. Any recommendations?

Attached File(s)

Jccc hijackthis.log (9.75K)
Number of downloads: 6

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 08 September 2011 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417252 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

Bleeping physicist

Group: Malware Response Instructor
Posts: 5,218
Joined: 02-January 09
Gender:Male
Location:United Kingdom

Posted 08 September 2011 - 01:39 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst we work on the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

:step1:

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

#4 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 08 September 2011 - 04:44 PM

Thanks very much!! doing the scans now.

#5 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 08 September 2011 - 05:11 PM

OTL.txt

OTL logfile created on: 08/09/2011 22:15:20 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.51% Memory free
5.90 Gb Paging File | 5.33 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 81.43 Gb Total Space | 31.37 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 209.80 Gb Total Space | 8.21 Gb Free Space | 3.91% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 2.23 Gb Free Space | 32.54% Space Free | Partition Type: FAT32

Computer Name: LENOVO-D6CD08A0 | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 22:14:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\desktop\OTL.exe
PRC - [2011/09/03 00:08:37 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/08/13 09:21:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/11 20:16:13 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/24 00:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 08:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/17 10:52:49 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/02/03 12:18:46 | 001,133,952 | ---- | M] (PreSonus Audio Electronics) -- C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
PRC - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/11 13:40:44 | 000,355,840 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008/05/08 07:46:16 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 22:21:30 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/01/18 22:21:30 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2002/02/23 00:19:44 | 000,442,368 | ---- | M] (OuterTechnologies) -- C:\Program Files\CpuUsage\CpuUsage.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/03 00:12:53 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2011/09/03 00:12:51 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2011/09/03 00:12:49 | 000,275,968 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2011/09/03 00:12:46 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2011/09/03 00:12:45 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2011/09/03 00:12:44 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2011/09/03 00:12:41 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2011/09/03 00:12:40 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2011/09/03 00:12:38 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2011/09/03 00:12:37 | 000,106,496 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreelements.dll
MOD - [2011/09/03 00:12:35 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2011/09/03 00:12:34 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2011/09/03 00:12:32 | 000,776,704 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2011/08/11 17:57:23 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/19 16:13:32 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011/06/24 00:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/10/01 22:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 22:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 22:05:28 | 002,111,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avzkrnl.dll
MOD - [2010/10/01 21:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
MOD - [2009/10/30 20:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2008/01/18 22:16:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SUService)
SRV - [2011/08/13 09:21:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/11 20:16:13 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/19 16:13:32 | 003,542,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/17 08:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/03/17 10:52:49 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/01/11 13:40:44 | 000,355,840 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2008/05/08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/25 16:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/04/25 16:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/04/25 16:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/04/25 16:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/04/25 16:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/05 03:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\Lenovo\PMDriver\PMSveH.exe -- (PMSveH)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2002/02/23 00:19:44 | 000,442,368 | ---- | M] (OuterTechnologies) [Auto | Running] -- C:\Program Files\CpuUsage\CpuUsage.exe -- (CpuUsageServ)

========== Driver Services (SafeList) ==========

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2011/04/30 13:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 13:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 12:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/17 10:52:58 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/17 10:52:24 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2011/03/17 10:52:19 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/03/17 10:51:22 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/01/19 02:20:16 | 006,878,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel®
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/01 18:53:00 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2010/04/09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/02/03 12:18:42 | 000,137,088 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2010/02/03 12:18:42 | 000,052,608 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/14 13:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 13:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/11/26 13:10:46 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/21 15:05:40 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/07/06 17:10:22 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 17:43:32 | 000,007,168 | ---- | M] (Novation Digital Music Systems Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\automap.sys -- (automap)
DRV - [2009/05/04 21:43:03 | 000,039,376 | ---- | M] (Apricorn) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/08 10:48:22 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/12/12 14:57:58 | 000,027,648 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV - [2008/08/07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/01 10:26:46 | 000,974,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/04/28 14:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/21 09:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/03/25 15:22:50 | 000,985,472 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 15:22:10 | 000,210,560 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 15:22:06 | 000,731,264 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/03/17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/14 21:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/23 00:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/12/10 05:21:26 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/27 08:40:38 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 03:51:30 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/09/17 10:34:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2007/06/29 04:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 05:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 02:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/23 02:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/19 08:46:38 | 000,022,432 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmidi2.sys -- (BCMIDI)
DRV - [2005/04/14 02:00:00 | 000,138,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0090Vid.sys -- (V0090VID)
DRV - [2004/12/23 12:14:18 | 000,020,992 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcr2000.sys -- (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100368&mntrId=1c1d839500000000000000216b3c9e58
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=100368&mntrId=1c1d839500000000000000216b3c9e58"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {0dd39226-2650-404d-a43d-ffd906b35a9e}:0.2.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}:1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=100368&mntrId=1c1d839500000000000000216b3c9e58&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Tony\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Tony\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/11 20:01:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/25 19:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/25 19:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/08/23 22:05:44 | 000,000,000 | ---D | M]

[2009/06/30 01:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
[2009/06/03 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/06/30 01:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions\MediaCoder
[2011/09/05 16:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions
[2009/06/11 03:12:59 | 000,000,000 | ---D | M] (Clear Private Data... +) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
[2011/06/24 19:30:56 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/14 00:17:55 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/27 02:07:15 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/06/11 03:13:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/07/08 12:10:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/18 18:59:17 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 10:16:23 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/12/10 09:59:49 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/09/05 16:50:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com
[2011/06/09 16:37:45 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\firefox@ghostery.com
[2011/06/24 19:16:04 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\foxyproxy@eric.h.jung
[2010/05/13 01:00:05 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\illimitux@illimitux.net
[2011/08/04 13:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\staged
[2009/05/22 01:14:18 | 000,000,000 | ---D | M] (Duck Duck Go Toolbar) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\toolbar@duckduckgo.com
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\searchplugins\conduit.xml
[2011/08/11 20:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 12:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 17:25:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 13:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/23 18:48:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/23 11:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 19:04:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/11 20:20:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/03/25 00:24:33 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{B2EA3FAB-912C-48A1-BABD-C5B00BB885BB}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TONY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AB9C9RUQ.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2011/01/23 18:47:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 01:31:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 05:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 20:16:19 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2009/04/10 13:09:29 | 001,212,416 | ---- | M] (cedelia) -- C:\Program Files\mozilla firefox\plugins\NPStreamPlug.dll
[2011/09/05 16:50:22 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/02 18:13:28 | 000,420,823 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14517 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] File not found
O4 - HKLM..\Run: [SkyTel] File not found
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FP10 Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe (PreSonus Audio Electronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C2EB39F-1FEF-4045-967A-2829C8108410}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5C285C9-C0D8-4F15-986D-04CD078E2F66}: DhcpNameServer = 62.40.32.33 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell - "" = AutoRun
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 22:16:49 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony\Desktop\tdsskiller.exe
[2011/09/08 22:14:33 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2011/09/08 19:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tony\Recent
[2011/09/07 19:06:24 | 000,000,000 | ---D | C] -- C:\Intel
[2011/09/06 10:35:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/06 10:07:00 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/09/06 10:07:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/09/06 10:07:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/09/06 10:06:57 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011/09/06 10:06:57 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/09/06 10:06:57 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011/09/06 10:06:57 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/09/06 10:06:57 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011/09/06 10:06:57 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/09/06 10:06:57 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011/09/06 10:06:57 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/09/06 10:06:56 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011/09/06 10:06:56 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/09/06 10:06:56 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011/09/06 10:06:56 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/09/06 10:06:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011/09/06 10:06:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/09/06 10:06:56 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011/09/06 10:06:56 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/09/06 10:06:56 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011/09/06 10:06:56 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/09/06 10:06:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/09/06 10:06:53 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/09/06 10:06:01 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/09/06 10:05:57 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/09/06 10:05:56 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/09/06 10:05:41 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/09/06 10:05:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/09/06 10:04:40 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/09/06 10:04:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/09/06 10:04:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/09/06 10:03:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/09/06 10:03:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/09/06 10:03:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/09/06 10:02:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/09/06 10:02:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/09/06 10:02:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/09/06 10:02:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/09/06 10:02:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/09/06 10:02:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/09/06 09:40:25 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/09/06 09:39:16 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/09/06 09:39:16 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011/09/06 09:39:15 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/09/06 09:39:15 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011/09/06 09:39:15 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/09/06 09:39:15 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011/09/06 09:39:14 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/09/06 09:39:14 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011/09/06 09:39:14 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/09/06 09:39:14 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011/09/06 09:39:14 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/09/06 09:39:14 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011/09/06 09:39:14 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/09/06 09:39:14 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011/09/06 09:39:14 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/09/06 09:39:14 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011/09/06 09:39:13 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/09/06 09:39:13 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011/09/06 09:39:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/09/06 09:39:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011/09/06 09:39:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/09/06 09:39:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011/09/06 09:39:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/09/06 09:39:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011/09/06 09:39:12 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/09/06 09:39:12 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011/09/06 09:39:12 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/09/06 09:39:12 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011/09/06 09:39:12 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/09/06 09:39:12 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011/09/06 09:39:12 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/09/06 09:39:12 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011/09/06 09:39:12 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/09/06 09:39:12 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011/09/06 09:39:11 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/09/06 09:39:11 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011/09/06 09:39:11 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/09/06 09:39:11 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011/09/06 09:39:10 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/09/06 09:39:10 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011/09/06 09:39:10 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/09/06 09:39:10 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011/09/06 09:39:09 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/09/06 09:39:09 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011/09/05 16:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phyxion.net
[2011/09/05 16:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2011/09/05 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/09/05 16:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\Babylon
[2011/09/05 16:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/09/05 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Babylon
[2011/09/05 16:48:46 | 006,949,696 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Tony\Desktop\stinger10.2.0.267.exe
[2011/09/05 00:20:35 | 000,229,376 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32M27.dll
[2011/09/05 00:20:34 | 000,985,472 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.sys
[2011/09/05 00:20:34 | 000,731,264 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
[2011/09/05 00:20:34 | 000,210,560 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWAZL.sys
[2011/09/04 23:38:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[2011/09/04 23:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Start Menu\Programs\Driver Cleaner.NET Trial
[2011/09/04 23:37:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/04 19:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\My Documents\New Folder (2)
[2011/09/04 19:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/09/04 15:55:50 | 000,121,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\gfxSrvc.dll
[2011/09/04 15:55:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/09/04 15:55:48 | 003,140,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\GfxUI.exe
[2011/09/04 15:55:45 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresn.lrc
[2011/09/04 09:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\DriverCleanerDotNETTrial
[2011/09/04 08:52:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/09/04 08:51:36 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/09/03 22:09:50 | 000,018,816 | ---- | C] (Sophos Group) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/09/03 15:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/09/03 15:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/09/03 15:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/02 22:08:23 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/09/02 21:40:31 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/09/02 21:01:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/09/02 20:42:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/09/02 20:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\ElevatedDiagnostics
[2011/09/02 03:57:11 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2011/09/02 03:57:11 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/09/01 11:20:05 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/09/01 10:14:05 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/09/01 08:43:06 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/09/01 08:23:02 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/08/30 22:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2011/08/23 18:24:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/08/23 18:24:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/08/23 18:24:21 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/08/23 18:24:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/08/23 18:24:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/08/23 18:24:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/08/23 18:24:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/08/23 18:23:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/08/23 18:23:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/08/23 18:23:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/08/23 18:23:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/08/23 18:23:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/08/23 18:23:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/08/23 18:23:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/08/23 18:23:13 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/08/23 18:23:08 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/08/23 18:23:05 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/08/23 18:23:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/08/23 18:22:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/08/23 18:22:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/08/23 18:22:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/08/23 18:22:36 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/08/23 18:22:27 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/08/23 18:22:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/08/23 18:22:19 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/08/23 18:22:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/08/23 18:22:04 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/08/23 18:22:04 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/08/23 18:21:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/08/23 18:21:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/08/23 18:21:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/08/23 18:21:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/08/23 18:21:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/08/23 18:21:32 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/08/23 18:21:32 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/08/23 18:21:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/08/23 18:21:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/08/23 18:21:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/08/23 18:21:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/08/23 18:21:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/08/23 18:21:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/08/23 18:20:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/08/23 18:20:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/08/23 18:20:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/08/23 18:20:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/08/23 18:20:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/08/23 18:20:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/08/23 18:20:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/08/23 18:20:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/08/23 18:20:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/08/23 18:20:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/08/23 18:20:01 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/08/23 18:19:52 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/08/23 18:19:31 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/08/23 18:19:30 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/08/23 18:19:26 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/08/23 18:19:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/08/23 18:19:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/08/23 18:19:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/08/23 18:19:01 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/08/23 18:18:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/08/23 18:18:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/08/23 18:18:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/08/23 18:18:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/08/23 18:18:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/08/23 18:18:29 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/08/23 18:18:08 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/08/23 18:17:57 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/08/23 18:17:40 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/08/23 18:17:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/08/23 18:17:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/08/23 18:17:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/08/23 18:17:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/08/23 18:17:08 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/08/23 18:16:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/08/23 17:59:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/08/23 17:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic - Home Cinema
[2011/08/22 23:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\HotSync
[2011/08/22 22:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/08/20 09:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/08/20 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2011/08/13 12:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\PCDr
[2011/08/13 10:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/08/13 10:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/13 10:11:19 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/13 10:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/13 09:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/13 09:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/08/13 09:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\SUPERAntiSpyware.com
[2011/08/13 09:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/13 09:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/13 09:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/13 09:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/13 02:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\uTorrent
[2011/08/12 16:00:50 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/11 20:19:34 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/08/11 20:19:33 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/08/11 20:19:32 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/08/11 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/08/11 19:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/08/11 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/08/11 18:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/08/10 22:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/08/10 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Checker
[2009/04/11 01:04:15 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[2009/04/08 10:23:07 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\vm331Rmv.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 23:01:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA25FB1A-5CBF-462B-B523-8C4C570907F9}.job
[2011/09/08 23:00:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137458556-2241964357-1189253063-1005UA.job
[2011/09/08 22:43:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 22:42:36 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 22:42:19 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
[2011/09/08 22:16:49 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tony\Desktop\tdsskiller.exe
[2011/09/08 22:14:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\Desktop\OTL.exe
[2011/09/08 21:55:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 21:53:13 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/09/08 21:53:11 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 21:53:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3137458556-2241964357-1189253063-1005.job
[2011/09/08 21:53:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/07 16:31:43 | 000,110,086 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\HWCH_11_badge (2).jpg
[2011/09/07 01:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/06 09:11:53 | 000,001,483 | ---- | M] () -- C:\WINDOWS\System32\pae_coinst_FirePod.cfg
[2011/09/05 22:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3137458556-2241964357-1189253063-1005.job
[2011/09/05 20:19:55 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Pomodoro.lnk
[2011/09/05 16:52:29 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Sweeper.lnk
[2011/09/05 16:48:58 | 006,949,696 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Tony\Desktop\stinger10.2.0.267.exe
[2011/09/05 16:41:59 | 166,706,926 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\regsept.reg
[2011/09/04 11:33:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2011/09/04 10:53:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/04 09:47:07 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner.NET Trial.lnk
[2011/09/03 23:20:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/03 15:47:22 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/03 11:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/03 02:00:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137458556-2241964357-1189253063-1005Core.job
[2011/09/02 20:26:54 | 000,015,380 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\cc_20110902_202634.reg
[2011/08/31 23:48:58 | 000,176,554 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\ray2.jpg
[2011/08/31 23:48:33 | 000,147,133 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\ray1.jpg
[2011/08/31 23:46:04 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/08/30 23:10:43 | 077,272,751 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\lace antenna - autumn love.zip
[2011/08/30 21:57:49 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Kaspersky PURE (2).lnk
[2011/08/28 10:26:05 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\music.lnk
[2011/08/27 15:11:58 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 21:02:58 | 000,043,216 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\cc_20110825_210248.reg
[2011/08/24 17:05:09 | 000,010,473 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\Payslip 473 (24-08-2011).pdf
[2011/08/24 16:54:05 | 000,009,045 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\gci wages.ods
[2011/08/24 08:04:24 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/08/24 08:04:23 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/08/23 17:53:35 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2011/08/23 17:42:10 | 000,106,796 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\cc_20110823_174147.reg
[2011/08/23 07:17:31 | 000,582,119 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\bills.pdf
[2011/08/23 00:19:52 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/22 23:40:28 | 000,000,094 | ---- | M] () -- C:\WINDOWS\family.ini
[2011/08/22 23:40:16 | 000,214,162 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\cc_20110822_233954.reg
[2011/08/21 17:50:21 | 003,131,392 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Lana_Johnidas_with_the_Swinging_Strings_-_Close_to_You.mp3
[2011/08/21 17:50:08 | 002,641,920 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Lana_Johnidas_with_the_Swinging_Strings_-_Scotch_Tape.mp3
[2011/08/20 16:45:23 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2011/08/17 20:00:47 | 000,151,995 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\nay-2.jpg
[2011/08/14 10:12:19 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/13 02:14:32 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/12 02:05:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/12 02:05:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/11 20:16:10 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/08/11 20:16:10 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/08/11 20:16:10 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/11 20:16:09 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/08/11 20:16:08 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/11 20:06:46 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/08/11 19:53:02 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/08/11 19:52:57 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/08/11 17:57:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/11 13:50:36 | 000,506,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 13:50:36 | 000,090,184 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 16:31:43 | 000,110,086 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\HWCH_11_badge (2).jpg
[2011/09/06 10:28:20 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/06 09:39:09 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/09/05 16:52:29 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Sweeper.lnk
[2011/09/05 16:39:25 | 166,706,926 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\regsept.reg
[2011/09/05 00:20:34 | 000,146,036 | R--- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/09/04 15:55:59 | 000,133,738 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2011/09/04 15:55:59 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/09/04 15:55:57 | 000,118,677 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2011/09/04 15:55:56 | 000,178,400 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2011/09/04 15:55:55 | 000,165,374 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2011/09/04 15:55:54 | 000,139,901 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2011/09/04 15:55:54 | 000,118,049 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2011/09/04 15:55:53 | 000,114,354 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2011/09/04 15:55:53 | 000,102,872 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2011/09/04 15:55:51 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/09/04 15:55:45 | 000,120,781 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2011/09/04 15:55:45 | 000,120,360 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2011/09/04 15:55:44 | 000,125,547 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2011/09/04 15:55:44 | 000,123,228 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2011/09/04 15:55:43 | 000,121,165 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2011/09/04 15:55:43 | 000,119,341 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2011/09/04 15:55:43 | 000,119,058 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2011/09/04 15:55:42 | 000,118,409 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2011/09/04 15:55:42 | 000,110,205 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2011/09/04 15:55:41 | 000,119,581 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2011/09/04 15:55:40 | 000,136,402 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2011/09/04 15:55:37 | 000,189,534 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2011/09/04 15:55:36 | 000,122,923 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2011/09/04 15:55:36 | 000,119,598 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2011/09/04 15:55:36 | 000,114,242 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2011/09/04 15:55:36 | 000,104,033 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2011/09/04 15:55:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/09/04 15:55:35 | 000,122,700 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2011/09/04 15:55:35 | 000,114,833 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2011/09/04 15:55:34 | 000,118,754 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2011/09/04 09:47:07 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner.NET Trial.lnk
[2011/09/03 23:20:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/03 15:47:22 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/02 20:26:47 | 000,015,380 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\cc_20110902_202634.reg
[2011/08/31 23:48:57 | 000,176,554 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\ray2.jpg
[2011/08/31 23:48:33 | 000,147,133 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\ray1.jpg
[2011/08/30 22:58:53 | 077,272,751 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\lace antenna - autumn love.zip
[2011/08/30 21:57:49 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Kaspersky PURE (2).lnk
[2011/08/28 10:26:05 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\music.lnk
[2011/08/25 21:02:54 | 000,043,216 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\cc_20110825_210248.reg
[2011/08/24 17:05:09 | 000,010,473 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\Payslip 473 (24-08-2011).pdf
[2011/08/24 16:53:44 | 000,009,045 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\gci wages.ods
[2011/08/23 17:53:34 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2011/08/23 17:42:01 | 000,106,796 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\cc_20110823_174147.reg
[2011/08/23 07:17:31 | 000,582,119 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\bills.pdf
[2011/08/22 23:40:28 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2011/08/22 23:40:01 | 000,214,162 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\cc_20110822_233954.reg
[2011/08/21 17:50:06 | 003,131,392 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Lana_Johnidas_with_the_Swinging_Strings_-_Close_to_You.mp3
[2011/08/21 17:49:57 | 002,641,920 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Lana_Johnidas_with_the_Swinging_Strings_-_Scotch_Tape.mp3
[2011/08/17 20:00:47 | 000,151,995 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\nay-2.jpg
[2011/08/15 22:43:07 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
[2011/08/13 12:37:55 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA25FB1A-5CBF-462B-B523-8C4C570907F9}.job
[2011/08/11 20:28:14 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3137458556-2241964357-1189253063-1005.job
[2011/08/11 20:28:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3137458556-2241964357-1189253063-1005.job
[2011/08/10 22:47:47 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\Tony\Start Menu\Programs\Update Checker.lnk
[2011/07/31 17:17:12 | 000,635,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/24 19:43:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\housecall.guid.cache
[2011/03/25 00:23:33 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/03/25 00:23:31 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/03/17 09:23:33 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\netstat.bat
[2010/11/27 19:02:40 | 000,026,112 | ---- | C] () -- C:\WINDOWS\LgUninst.exe
[2010/11/14 12:54:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/11/14 12:51:36 | 005,901,024 | ---- | C] () -- C:\Program Files\HSS-1.54-install-anchorfree-232-expatshield.exe
[2010/11/07 22:54:29 | 001,420,315 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/11/05 17:02:58 | 000,004,626 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2010/09/10 17:50:04 | 000,000,063 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2010/09/06 17:55:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/14 14:25:53 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/01 18:53:00 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/02/07 00:18:54 | 000,000,068 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2010/02/07 00:09:59 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/02/07 00:09:56 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/02/07 00:09:56 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/02/07 00:09:56 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/02/07 00:09:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/02/06 21:58:10 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\bdfvconp.ini
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/30 20:59:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/01/30 20:59:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/12/30 15:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/12/30 14:37:01 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/27 01:51:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2009/11/19 02:41:12 | 000,011,910 | ---- | C] () -- C:\WINDOWS\System32\Genmidi.dll
[2009/11/19 02:41:12 | 000,011,910 | ---- | C] () -- C:\WINDOWS\Genmidi.dll
[2009/11/17 11:23:14 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\setup_ldm.iss
[2009/10/06 16:20:43 | 000,000,968 | ---- | C] () -- C:\WINDOWS\Sidplay2w.ini
[2009/09/18 19:05:36 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\Jublerupdater.xml
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/09/08 09:37:22 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/23 16:50:52 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/07/23 16:43:00 | 000,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2009/06/30 01:23:02 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\MPUI.ini
[2009/06/17 17:09:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/05/11 19:45:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/30 13:21:31 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 03:26:17 | 000,027,136 | ---- | C] () -- C:\WINDOWS\rdcd32.dll
[2009/04/30 03:26:17 | 000,003,360 | ---- | C] () -- C:\WINDOWS\rdcd16.dll
[2009/04/28 20:59:23 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/04/27 22:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PlgEnabler2a.INI
[2009/04/24 01:45:23 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/24 01:45:23 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/24 01:45:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/24 01:45:23 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/24 01:45:23 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/24 01:45:23 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/24 01:45:23 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/24 01:45:23 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/24 01:45:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/24 01:45:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/24 01:45:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/24 01:45:23 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/24 01:45:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/24 01:45:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/24 01:45:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/04/24 01:45:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/08 11:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/08 10:54:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/08 10:47:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/04/08 10:44:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/04/08 10:44:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/04/08 10:44:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/04/08 10:44:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/04/08 10:44:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/04/08 10:44:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/08 10:43:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/08 10:23:07 | 000,001,291 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2009/04/08 10:12:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2009/04/07 21:41:45 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/07 21:41:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/08/11 12:56:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2008/08/11 12:48:00 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/08/11 12:48:00 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/01/18 22:16:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 08:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 08:10:07 | 000,023,412 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 07:56:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2006/04/30 07:55:55 | 000,506,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 07:55:55 | 000,090,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 07:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/30 01:03:29 | 000,218,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WgaTray.exe:SummaryInformation
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDF51F17
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >

extras.txt

OTL Extras logfile created on: 08/09/2011 22:15:20 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.51% Memory free
5.90 Gb Paging File | 5.33 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 81.43 Gb Total Space | 31.37 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 209.80 Gb Total Space | 8.21 Gb Free Space | 3.91% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 2.23 Gb Free Space | 32.54% Space Free | Partition Type: FAT32

Computer Name: LENOVO-D6CD08A0 | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera11\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera11\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Opera 11.10 beta\opera.exe" = C:\Program Files\Opera 11.10 beta\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Opera11\opera.exe" = C:\Program Files\Opera11\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{106ED49A-BC2C-4E5A-98FC-CF41D93A1171}" = Pomodoro
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{19DD4FB9-0D1C-441F-B39E-3B937378683D}_is1" = Cabbage V1.97.4
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F808FB4-37D0-4274-BEE4-08783188F2B6}" = MediaSweeper
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B7FB6C2-B673-474E-8B68-00A0BF8652DB}" = Waves Masters 3.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}" = EZplayer pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4EF2149-B09D-4E6F-987A-744D58585A76}" = Max 5.1.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{BC975AF9-0C87-4361-8F4B-FBEF2FC7B3A9}" = Drumazon
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration 3.6
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.13 beta
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AnalogX DXMan" = AnalogX DXMan
"ASIO4ALL" = ASIO4ALL
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.10
"Automap Universal ReWire_is1" = Automap ReWire 1.0
"BabylonToolbar" = Babylon toolbar on IE
"CachemanXP 1.8.0.15" = CachemanXP 1.8.0.15
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Collab" = Collab
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CpuUsage System Service 1.0" = CpuUsage System Service 1.0
"Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
"Creative WebCam Center" = Creative WebCam Center
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DriverCleanerDotNETTrial" = Driver Cleaner.NET Trial
"DrumStation DT-010" = DrumStation DT-010
"East West Drumkit From Hell 2" = East West Drumkit From Hell 2
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"Emagic Logic Audio Platinum 5.5.1" = Emagic Logic Audio Platinum 5.5.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"FileHippo.com" = FileHippo.com Update Checker
"FL Studio 10" = FL Studio 10
"Freecorder4.1" = Freecorder
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HALion v1.10" = HALion v1.10
"HFSExplorer" = HFSExplorer 0.21
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"iZotope Vinyl_is1" = iZotope Vinyl
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Lenovo Registration" = Lenovo Registration
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0
"Nomad Factory Liquid Bundle VST v1.6" = Nomad Factory Liquid Bundle VST v1.6
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.2.8
"O2 Broadband" = O2 Broadband
"Opera 11.51.1087" = Opera 11.51
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PoiZone" = PoiZone
"PowerShell" = Windows PowerShell™ 1.0
"PreSonus FP10 driver v5.13.0.0" = PreSonus FP10 driver v5.13.0.0
"Prosoniq mixCiter" = Prosoniq mixCiter
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"SendSpaceWizard" = SendSpace Wizard
"SopCast" = SopCast 3.2.4
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SP6" = Logitech SetPoint 6.30
"Steinberg LM-4 MarkII" = Steinberg LM-4 MarkII
"Steinberg Quadrafuzz v1.01" = Steinberg Quadrafuzz v1.01
"Steinberg Spectralizer v1.21" = Steinberg Spectralizer v1.21
"Steinberg Ultravoice v1.02" = Steinberg Ultravoice v1.02
"Task Coach_is1" = Task Coach 1.0.3
"TBL BassLine v1.3 VSTi" = TBL BassLine v1.3 VSTi
"TC | Native Reverb DX" = TC | Native Reverb DX
"TimeWorks Mastering EQ" = TimeWorks Mastering EQ
"TimeWorks Reverb 4080L v1.064" = TimeWorks Reverb 4080L v1.064
"Toxic Biohazard" = Toxic Biohazard
"TreeSize Free_is1" = TreeSize Free V2.5
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Warp VST V1.0" = Warp VST V1.0
"Waves Renaissance Collection 2" = Waves Renaissance Collection 2
"Waves Znoise v1.0" = Waves Znoise v1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IntelliAdmin_NetworkAdministrator33" = IntelliAdmin Network Administrator - Remove
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2011 10:47:40 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 15:48:38 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:26:33 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:30:25 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:30:27 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 04/09/2011 04:23:24 | Computer Name = LENOVO-D6CD08A0 | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 11.51.1087.0, faulting module
opera.dll, version 11.51.1087.0, fault address 0x0032dd9b.

Error - 04/09/2011 05:53:42 | Computer Name = LENOVO-D6CD08A0 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 04/09/2011 11:57:24 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 05/09/2011 15:20:20 | Computer Name = LENOVO-D6CD08A0 | Source = CachemanXPService | ID = 0
Description =

Error - 06/09/2011 14:18:33 | Computer Name = LENOVO-D6CD08A0 | Source = CachemanXPService | ID = 0
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 14/11/2010 12:25:16 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 24/11/2010 03:20:01 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message: Provider load
failure

Error - 24/11/2010 03:20:01 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 03/12/2010 13:33:31 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 09/12/2010 07:21:26 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 20/01/2011 05:54:07 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message:

Error - 20/01/2011 05:54:18 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 20/01/2011 05:55:22 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message:

Error - 20/01/2011 05:55:22 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 27/03/2011 18:39:26 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

[ NetLimiter Events ]
Error - 14/03/2011 21:38:02 | Computer Name = LENOVO-D6CD08A0 | Source = NetLimiter 2 | ID = 1000
Description =

[ System Events ]
Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:51:04 | Computer Name = LENOVO-D6CD08A0 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

< End of report >

#6 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 08 September 2011 - 05:17 PM

extras.txt

OTL Extras logfile created on: 08/09/2011 22:15:20 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Tony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.51% Memory free
5.90 Gb Paging File | 5.33 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 81.43 Gb Total Space | 31.37 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 209.80 Gb Total Space | 8.21 Gb Free Space | 3.91% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 2.23 Gb Free Space | 32.54% Space Free | Partition Type: FAT32

Computer Name: LENOVO-D6CD08A0 | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera11\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera11\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Opera 11.10 beta\opera.exe" = C:\Program Files\Opera 11.10 beta\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Opera11\opera.exe" = C:\Program Files\Opera11\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{106ED49A-BC2C-4E5A-98FC-CF41D93A1171}" = Pomodoro
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{19DD4FB9-0D1C-441F-B39E-3B937378683D}_is1" = Cabbage V1.97.4
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F808FB4-37D0-4274-BEE4-08783188F2B6}" = MediaSweeper
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B7FB6C2-B673-474E-8B68-00A0BF8652DB}" = Waves Masters 3.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}" = EZplayer pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4EF2149-B09D-4E6F-987A-744D58585A76}" = Max 5.1.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{BC975AF9-0C87-4361-8F4B-FBEF2FC7B3A9}" = Drumazon
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration 3.6
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.13 beta
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AnalogX DXMan" = AnalogX DXMan
"ASIO4ALL" = ASIO4ALL
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.10
"Automap Universal ReWire_is1" = Automap ReWire 1.0
"BabylonToolbar" = Babylon toolbar on IE
"CachemanXP 1.8.0.15" = CachemanXP 1.8.0.15
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Collab" = Collab
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CpuUsage System Service 1.0" = CpuUsage System Service 1.0
"Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
"Creative WebCam Center" = Creative WebCam Center
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DriverCleanerDotNETTrial" = Driver Cleaner.NET Trial
"DrumStation DT-010" = DrumStation DT-010
"East West Drumkit From Hell 2" = East West Drumkit From Hell 2
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"Emagic Logic Audio Platinum 5.5.1" = Emagic Logic Audio Platinum 5.5.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"FileHippo.com" = FileHippo.com Update Checker
"FL Studio 10" = FL Studio 10
"Freecorder4.1" = Freecorder
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HALion v1.10" = HALion v1.10
"HFSExplorer" = HFSExplorer 0.21
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"iZotope Vinyl_is1" = iZotope Vinyl
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Lenovo Registration" = Lenovo Registration
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0
"Nomad Factory Liquid Bundle VST v1.6" = Nomad Factory Liquid Bundle VST v1.6
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.2.8
"O2 Broadband" = O2 Broadband
"Opera 11.51.1087" = Opera 11.51
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PoiZone" = PoiZone
"PowerShell" = Windows PowerShell™ 1.0
"PreSonus FP10 driver v5.13.0.0" = PreSonus FP10 driver v5.13.0.0
"Prosoniq mixCiter" = Prosoniq mixCiter
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"SendSpaceWizard" = SendSpace Wizard
"SopCast" = SopCast 3.2.4
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SP6" = Logitech SetPoint 6.30
"Steinberg LM-4 MarkII" = Steinberg LM-4 MarkII
"Steinberg Quadrafuzz v1.01" = Steinberg Quadrafuzz v1.01
"Steinberg Spectralizer v1.21" = Steinberg Spectralizer v1.21
"Steinberg Ultravoice v1.02" = Steinberg Ultravoice v1.02
"Task Coach_is1" = Task Coach 1.0.3
"TBL BassLine v1.3 VSTi" = TBL BassLine v1.3 VSTi
"TC | Native Reverb DX" = TC | Native Reverb DX
"TimeWorks Mastering EQ" = TimeWorks Mastering EQ
"TimeWorks Reverb 4080L v1.064" = TimeWorks Reverb 4080L v1.064
"Toxic Biohazard" = Toxic Biohazard
"TreeSize Free_is1" = TreeSize Free V2.5
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Warp VST V1.0" = Warp VST V1.0
"Waves Renaissance Collection 2" = Waves Renaissance Collection 2
"Waves Znoise v1.0" = Waves Znoise v1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IntelliAdmin_NetworkAdministrator33" = IntelliAdmin Network Administrator - Remove
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2011 10:47:40 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 15:48:38 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:26:33 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:30:25 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 18:30:27 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 04/09/2011 04:23:24 | Computer Name = LENOVO-D6CD08A0 | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 11.51.1087.0, faulting module
opera.dll, version 11.51.1087.0, fault address 0x0032dd9b.

Error - 04/09/2011 05:53:42 | Computer Name = LENOVO-D6CD08A0 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 04/09/2011 11:57:24 | Computer Name = LENOVO-D6CD08A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 05/09/2011 15:20:20 | Computer Name = LENOVO-D6CD08A0 | Source = CachemanXPService | ID = 0
Description =

Error - 06/09/2011 14:18:33 | Computer Name = LENOVO-D6CD08A0 | Source = CachemanXPService | ID = 0
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 14/11/2010 12:25:16 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 24/11/2010 03:20:01 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message: Provider load
failure

Error - 24/11/2010 03:20:01 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 03/12/2010 13:33:31 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

Error - 09/12/2010 07:21:26 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 20/01/2011 05:54:07 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message:

Error - 20/01/2011 05:54:18 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 20/01/2011 05:55:22 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message:

Error - 20/01/2011 05:55:22 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model

Error - 27/03/2011 18:39:26 | Computer Name = LENOVO-D6CD08A0 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe

[ NetLimiter Events ]
Error - 14/03/2011 21:38:02 | Computer Name = LENOVO-D6CD08A0 | Source = NetLimiter 2 | ID = 1000
Description =

[ System Events ]
Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 12:01:25 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:51:04 | Computer Name = LENOVO-D6CD08A0 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 13:55:39 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3D9B17AA&REV_00\4&1a9c2d41&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3D9A17AA&REV_00\4&1a9c2d41&0&02E0)
disappeared from the system without first being prepared for removal.

Error - 08/09/2011 16:57:55 | Computer Name = LENOVO-D6CD08A0 | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3D9C17AA&REV_00\4&1a9c2d41&0&03E0)
disappeared from the system without first being prepared for removal.

< End of report >

#7 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 08 September 2011 - 05:37 PM

TDSSKiller found nothing.

2011/09/08 23:33:40.0781 2020 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 23:33:42.0796 2020 ================================================================================
2011/09/08 23:33:42.0796 2020 SystemInfo:
2011/09/08 23:33:42.0796 2020
2011/09/08 23:33:42.0796 2020 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/08 23:33:42.0796 2020 Product type: Workstation
2011/09/08 23:33:42.0796 2020 ComputerName: LENOVO-D6CD08A0
2011/09/08 23:33:43.0406 2020 UserName: Tony
2011/09/08 23:33:43.0406 2020 Windows directory: C:\WINDOWS
2011/09/08 23:33:43.0406 2020 System windows directory: C:\WINDOWS
2011/09/08 23:33:43.0406 2020 Processor architecture: Intel x86
2011/09/08 23:33:43.0406 2020 Number of processors: 2
2011/09/08 23:33:43.0406 2020 Page size: 0x1000
2011/09/08 23:33:43.0406 2020 Boot type: Normal boot
2011/09/08 23:33:43.0406 2020 ================================================================================
2011/09/08 23:33:46.0656 2020 Initialize success
2011/09/08 23:33:52.0125 1904 ================================================================================
2011/09/08 23:33:52.0125 1904 Scan started
2011/09/08 23:33:52.0125 1904 Mode: Manual;
2011/09/08 23:33:52.0125 1904 ================================================================================
2011/09/08 23:33:54.0281 1904 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/08 23:33:54.0640 1904 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/08 23:33:54.0968 1904 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/09/08 23:33:55.0281 1904 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/08 23:33:55.0500 1904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/08 23:33:56.0078 1904 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/08 23:33:56.0421 1904 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/08 23:33:56.0609 1904 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/09/08 23:33:56.0953 1904 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/08 23:33:57.0296 1904 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/08 23:33:57.0687 1904 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/08 23:33:58.0093 1904 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/08 23:33:58.0281 1904 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/08 23:33:58.0625 1904 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/08 23:33:58.0937 1904 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/08 23:33:59.0281 1904 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/08 23:33:59.0718 1904 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/08 23:34:00.0140 1904 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/08 23:34:00.0500 1904 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/08 23:34:00.0703 1904 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/09/08 23:34:01.0218 1904 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/08 23:34:01.0609 1904 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/08 23:34:01.0812 1904 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/08 23:34:02.0187 1904 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/08 23:34:02.0718 1904 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/09/08 23:34:02.0937 1904 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/08 23:34:03.0296 1904 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/08 23:34:03.0546 1904 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/08 23:34:03.0937 1904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/08 23:34:04.0109 1904 automap (99288f6ff063cfb9b3f1d3238c9208ab) C:\WINDOWS\system32\DRIVERS\automap.sys
2011/09/08 23:34:04.0421 1904 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/09/08 23:34:04.0671 1904 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/09/08 23:34:05.0062 1904 BCMIDI (c2f56b680c4207521630c013e0ece002) C:\WINDOWS\system32\Drivers\bcmidi2.sys
2011/09/08 23:34:05.0234 1904 BCR2000 (1c2b385adebde32d5f7c13cb2c608817) C:\WINDOWS\system32\drivers\bcr2000.sys
2011/09/08 23:34:05.0546 1904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/08 23:34:06.0187 1904 btaudio (b6e16da77eafe84a8c5bc44784feeaea) C:\WINDOWS\system32\drivers\btaudio.sys
2011/09/08 23:34:06.0703 1904 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/09/08 23:34:07.0015 1904 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/09/08 23:34:07.0218 1904 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/09/08 23:34:07.0593 1904 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/09/08 23:34:07.0765 1904 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/09/08 23:34:08.0140 1904 BTKRNL (ef5e0de0a7ca2977a9255f36f4d915ab) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/09/08 23:34:08.0593 1904 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/09/08 23:34:08.0781 1904 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/09/08 23:34:09.0156 1904 btwmodem (8bcd7bfe9c70a8ff7444263435b18aa1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/09/08 23:34:09.0281 1904 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/09/08 23:34:09.0640 1904 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/08 23:34:09.0796 1904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/08 23:34:09.0953 1904 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/08 23:34:10.0312 1904 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/08 23:34:10.0484 1904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/08 23:34:10.0828 1904 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/08 23:34:11.0031 1904 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/08 23:34:11.0375 1904 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/09/08 23:34:11.0953 1904 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/08 23:34:12.0125 1904 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/08 23:34:12.0343 1904 CnxtHdAudService (e2d7f6af93fe72dd840802797fafe4d3) C:\WINDOWS\system32\drivers\CHDAU32.sys
2011/09/08 23:34:12.0703 1904 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/08 23:34:13.0031 1904 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/08 23:34:13.0250 1904 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/09/08 23:34:13.0703 1904 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
2011/09/08 23:34:13.0937 1904 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
2011/09/08 23:34:14.0218 1904 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/08 23:34:14.0406 1904 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/08 23:34:14.0859 1904 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/08 23:34:15.0109 1904 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/08 23:34:15.0546 1904 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/09/08 23:34:16.0031 1904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/08 23:34:16.0406 1904 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/08 23:34:16.0687 1904 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/08 23:34:17.0031 1904 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/08 23:34:17.0406 1904 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/08 23:34:17.0796 1904 ewusbnet (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2011/09/08 23:34:18.0687 1904 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
2011/09/08 23:34:19.0062 1904 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/08 23:34:19.0468 1904 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/08 23:34:19.0687 1904 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/08 23:34:20.0046 1904 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/08 23:34:20.0406 1904 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/08 23:34:20.0765 1904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/08 23:34:21.0171 1904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/08 23:34:21.0484 1904 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/09/08 23:34:21.0687 1904 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/08 23:34:22.0078 1904 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/08 23:34:22.0375 1904 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/08 23:34:23.0250 1904 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/08 23:34:23.0609 1904 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/08 23:34:24.0062 1904 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/08 23:34:24.0484 1904 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/08 23:34:24.0828 1904 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
2011/09/08 23:34:25.0171 1904 hwdatacard (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/08 23:34:25.0796 1904 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/08 23:34:26.0187 1904 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/08 23:34:26.0546 1904 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/08 23:34:27.0156 1904 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/08 23:34:27.0718 1904 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/08 23:34:28.0171 1904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/08 23:34:28.0765 1904 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/08 23:34:29.0218 1904 IntcAzAudAddService (aa5eefcdb0869d45560fab917316645a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/08 23:34:29.0859 1904 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/08 23:34:30.0250 1904 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/08 23:34:30.0453 1904 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/08 23:34:30.0781 1904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/08 23:34:31.0000 1904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/08 23:34:31.0343 1904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/08 23:34:31.0531 1904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/08 23:34:31.0859 1904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/08 23:34:32.0265 1904 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/08 23:34:32.0593 1904 JMCR (a69a1b991824b98f744913555f665893) C:\WINDOWS\system32\DRIVERS\jmcr.sys
2011/09/08 23:34:32.0875 1904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/08 23:34:33.0156 1904 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/08 23:34:33.0468 1904 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/09/08 23:34:33.0765 1904 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys
2011/09/08 23:34:34.0000 1904 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/09/08 23:34:34.0265 1904 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/09/08 23:34:34.0546 1904 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/09/08 23:34:34.0750 1904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/08 23:34:35.0156 1904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/08 23:34:35.0703 1904 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/09/08 23:34:36.0390 1904 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/09/08 23:34:36.0875 1904 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/09/08 23:34:37.0546 1904 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/09/08 23:34:37.0812 1904 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/08 23:34:38.0109 1904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/08 23:34:38.0578 1904 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/08 23:34:39.0000 1904 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/08 23:34:39.0437 1904 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/08 23:34:39.0828 1904 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/08 23:34:40.0218 1904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/08 23:34:41.0593 1904 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/08 23:34:41.0812 1904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/08 23:34:42.0203 1904 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/08 23:34:42.0812 1904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/08 23:34:43.0046 1904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/08 23:34:43.0421 1904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/08 23:34:43.0625 1904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/08 23:34:44.0015 1904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/08 23:34:44.0250 1904 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/08 23:34:44.0687 1904 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/08 23:34:44.0953 1904 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/08 23:34:45.0250 1904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/08 23:34:45.0718 1904 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/08 23:34:46.0031 1904 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/08 23:34:46.0250 1904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/08 23:34:46.0531 1904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/08 23:34:46.0828 1904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/08 23:34:47.0062 1904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/08 23:34:47.0343 1904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/08 23:34:47.0937 1904 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/09/08 23:34:48.0609 1904 NETwNx32 (d51118ea7f2699cce54e9646465c233b) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
2011/09/08 23:34:49.0312 1904 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
2011/09/08 23:34:49.0468 1904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/08 23:34:49.0890 1904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/08 23:34:50.0187 1904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/08 23:34:50.0781 1904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/08 23:34:51.0140 1904 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/08 23:34:51.0640 1904 NvnUsbAudio (8dd29b418c65aca68b461c667287ebaf) C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys
2011/09/08 23:34:51.0906 1904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/08 23:34:52.0281 1904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/08 23:34:52.0531 1904 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/08 23:34:52.0953 1904 pae_1394 (3dec2c9480bb0e9b145c6b1962d6a05f) C:\WINDOWS\system32\Drivers\pae_1394.sys
2011/09/08 23:34:53.0296 1904 pae_avs (3b908161579fec397b17b4d92977d124) C:\WINDOWS\system32\Drivers\pae_avs.sys
2011/09/08 23:34:53.0593 1904 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/09/08 23:34:53.0953 1904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/08 23:34:54.0343 1904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/08 23:34:54.0703 1904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/08 23:34:55.0265 1904 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/08 23:34:55.0796 1904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/08 23:34:56.0156 1904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/08 23:34:57.0296 1904 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/08 23:34:57.0593 1904 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/08 23:34:58.0109 1904 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/09/08 23:34:58.0375 1904 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2011/09/08 23:34:58.0781 1904 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
2011/09/08 23:34:59.0281 1904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/08 23:34:59.0656 1904 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/08 23:35:00.0078 1904 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
2011/09/08 23:35:00.0484 1904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/08 23:35:01.0062 1904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/08 23:35:01.0468 1904 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/08 23:35:01.0765 1904 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/08 23:35:02.0125 1904 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/08 23:35:02.0390 1904 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/08 23:35:02.0796 1904 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/08 23:35:03.0187 1904 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/08 23:35:03.0578 1904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/08 23:35:04.0046 1904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/08 23:35:04.0515 1904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/08 23:35:04.0875 1904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/08 23:35:05.0140 1904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/08 23:35:05.0578 1904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/08 23:35:06.0015 1904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/08 23:35:06.0468 1904 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/08 23:35:07.0000 1904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/08 23:35:07.0515 1904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/09/08 23:35:08.0265 1904 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/08 23:35:08.0687 1904 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/08 23:35:09.0250 1904 SAVRKBootTasks (e5c587c0668f83e799d1c43bc53e5e37) C:\WINDOWS\system32\SAVRKBootTasks.sys
2011/09/08 23:35:09.0796 1904 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/08 23:35:10.0250 1904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/08 23:35:11.0421 1904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/08 23:35:11.0953 1904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/08 23:35:12.0640 1904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/08 23:35:13.0265 1904 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/08 23:35:13.0687 1904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/08 23:35:14.0234 1904 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/09/08 23:35:14.0546 1904 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/08 23:35:14.0937 1904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/08 23:35:15.0265 1904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/08 23:35:15.0718 1904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/08 23:35:16.0171 1904 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/08 23:35:16.0609 1904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/08 23:35:16.0984 1904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/08 23:35:17.0484 1904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/08 23:35:17.0859 1904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/08 23:35:18.0187 1904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/08 23:35:18.0437 1904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/08 23:35:18.0828 1904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/08 23:35:19.0281 1904 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/09/08 23:35:19.0687 1904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/08 23:35:20.0203 1904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/08 23:35:20.0921 1904 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2011/09/08 23:35:21.0281 1904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/08 23:35:21.0687 1904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/08 23:35:22.0140 1904 tifsfilter (1d4e8d7041ca9069f65e132249a81b6d) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/09/08 23:35:22.0515 1904 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/09/08 23:35:22.0921 1904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/08 23:35:23.0265 1904 TPkd (35255ededd214aaa0820f10b2af0f808) C:\WINDOWS\system32\drivers\TPkd.sys
2011/09/08 23:35:23.0656 1904 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2011/09/08 23:35:24.0109 1904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/08 23:35:24.0625 1904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/08 23:35:25.0031 1904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/08 23:35:25.0609 1904 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/08 23:35:26.0046 1904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/08 23:35:26.0468 1904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/08 23:35:26.0890 1904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/08 23:35:27.0328 1904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/08 23:35:27.0781 1904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/08 23:35:28.0234 1904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/08 23:35:28.0687 1904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/08 23:35:29.0109 1904 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/08 23:35:29.0562 1904 V0090VID (58567a3e213209fc5d787d1f42941a06) C:\WINDOWS\system32\DRIVERS\V0090Vid.sys
2011/09/08 23:35:30.0046 1904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/08 23:35:30.0437 1904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/08 23:35:31.0015 1904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/08 23:35:31.0421 1904 vm331avs (b9dfda5510fffb6c8b825271e3e3d2e0) C:\WINDOWS\system32\Drivers\vm331avs.sys
2011/09/08 23:35:31.0875 1904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/08 23:35:32.0406 1904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 23:35:32.0828 1904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/08 23:35:33.0734 1904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/08 23:35:34.0234 1904 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/08 23:35:35.0375 1904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/08 23:35:35.0859 1904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/08 23:35:36.0312 1904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/08 23:35:37.0390 1904 MBR (0x1B8) (4242ed2ee0db4e0a0925aa6400e1183f) \Device\Harddisk0\DR0
2011/09/08 23:35:37.0718 1904 MBR (0x1B8) (8a5942164bc1470c2d2d38aced367cc2) \Device\Harddisk1\DR8
2011/09/08 23:35:37.0828 1904 Boot (0x1200) (b054c0377d3badab58b8cff3afe42854) \Device\Harddisk0\DR0\Partition0
2011/09/08 23:35:37.0968 1904 Boot (0x1200) (b6e19ca9916e365bd948d57f4b792ea7) \Device\Harddisk0\DR0\Partition1
2011/09/08 23:35:38.0125 1904 Boot (0x1200) (f1c2287c7de9f78a1485b0e047a3b84f) \Device\Harddisk0\DR0\Partition2
2011/09/08 23:35:38.0234 1904 Boot (0x1200) (fcce96e024f6fcd39589ccd7e413e2ab) \Device\Harddisk1\DR8\Partition0
2011/09/08 23:35:38.0328 1904 ================================================================================
2011/09/08 23:35:38.0328 1904 Scan finished
2011/09/08 23:35:38.0328 1904 ================================================================================
2011/09/08 23:35:38.0468 3232 Detected object count: 0
2011/09/08 23:35:38.0468 3232 Actual detected object count: 0

#8 Casey_boy

Bleeping physicist

Group: Malware Response Instructor
Posts: 5,218
Joined: 02-January 09
Gender:Male
Location:United Kingdom

Posted 09 September 2011 - 03:51 PM

Hi,

P2P Warning

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.

:step2:

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

I notice you have a plethora of antimalware programs/rootkit scanners/registry scanners installed on your PC. Whilst you may think this is benefical - this may well be the cause of your problems.

My advice is to uninstall everything security related - except for MalwareBytes AntiMalware. I would then recommend installing an anti-virus product such as Microsoft Security Essentials.

:step4:

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:otl
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100368&mntrId=1c1d839500000000000000216b3c9e58
IE - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: http://search.babylon.com/?babsrc=HP_ss&affID=100368&mntrId=1c1d839500000000000000216b3c9e58
FF - prefs.js..extensions.enabledItems: {B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}:1.8
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=100368&mntrId=1c1d839500000000000000216b3c9e58&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
[2011/09/05 16:50:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com
[2011/09/05 16:50:22 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Freecorder FLV Service] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] File not found
O4 - HKLM..\Run: [IntelWireless] File not found
O4 - HKLM..\Run: [SkyTel] File not found
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell - "" = AutoRun
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\Shell\AutoRun - "" = Auto&Play
[2011/09/05 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/09/05 16:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Local Settings\Application Data\Babylon
[2011/09/05 16:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/09/05 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\Babylon
[2011/09/04 23:38:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WgaTray.exe: SummaryInformation
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDF51F17
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

#9 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 09 September 2011 - 04:00 PM

Ok going to give this a go now.. uninstalling Glary Utilities and uTorrent also.

#10 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 09 September 2011 - 04:09 PM

All processes killed
========== OTL ==========
HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: http://search.babylon.com/?babsrc=HP_ss&affID=100368&mntrId=1c1d839500000000000000216b3c9e58 removed from browser.startup.homepage
Prefs.js: {B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}:1.8 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?babsrc=adbartrp&affID=100368&mntrId=1c1d839500000000000000216b3c9e58&q=" removed from keyword.URL
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17\ deleted successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\ab9c9ruq.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4F90-B10D-FC6124A40F8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4F90-B10D-FC6124A40F8C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3137458556-2241964357-1189253063-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPDJ Taskbar Utility deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelWireless deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SkyTel deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476c-32d4-11e0-bd2f-002269f3cf7d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b5476f-32d4-11e0-bd2f-002269f3cf7d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acbddbc2-3528-11de-94ba-00216b3c9e58}\ not found.
File k1d.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acbddbc2-3528-11de-94ba-00216b3c9e58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acbddbc2-3528-11de-94ba-00216b3c9e58}\ not found.
File k1d.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba6ab240-6abe-11e0-abbc-001e101ff602}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4caef7e-0041-11df-bb6f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4caef81-0041-11df-bb6f-002269f3cf7d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4caef81-0041-11df-bb6f-002269f3cf7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4caef81-0041-11df-bb6f-002269f3cf7d}\ not found.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Babylon\Setup folder moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Tony\Application Data\Babylon folder moved successfully.
C:\WINDOWS\System32\x64 folder moved successfully.
Unable to delete ADS C:\WINDOWS\System32\WgaTray.exe: SummaryInformation .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CDF51F17 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 14466963 bytes
->Temporary Internet Files folder emptied: 1222585 bytes
->FireFox cache emptied: 3274360 bytes
->Opera cache emptied: 136690 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1060296 bytes
->Temporary Internet Files folder emptied: 662660 bytes

User: profile

User: Tony
->Temp folder emptied: 136155333 bytes
->Temporary Internet Files folder emptied: 1129976 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34334816 bytes
->Google Chrome cache emptied: 49773947 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 63958 bytes

User: tony higgins

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9196897 bytes
%systemroot%\System32 .tmp files removed: 52224 bytes
%systemroot%\System32\dllcache .tmp files removed: 1011336 bytes
%systemroot%\System32\drivers .tmp files removed: 6044864 bytes
Windows Temp folder emptied: 33702179 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 126251416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 399.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 09092011_220324

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_188.dat not found!

Registry entries deleted on Reboot...

#11 Casey_boy

Bleeping physicist

Group: Malware Response Instructor
Posts: 5,218
Joined: 02-January 09
Gender:Male
Location:United Kingdom

Posted 09 September 2011 - 04:31 PM

Please visit the online Jotti Virus Scanner

<--link

Browse to the following filepath:

C:\WINDOWS\System32\WgaTray.exe
Click on the button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

How is your PC running?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

#12 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 09 September 2011 - 07:47 PM

Jotti: all found nothing

ESET scanning now.

The computer is actually working great, it seems like an enormous number of hardware interrupts for the harddisk was the issue. But my graphics card is still not working, I get a Code 37 error for it (Mobile Intel 4 Series Chipset.) Thanks very much for help so far though, this is a pretty minor issue compared to my laptop being a snail!!

#13 Casey_boy

Bleeping physicist

Group: Malware Response Instructor
Posts: 5,218
Joined: 02-January 09
Gender:Male
Location:United Kingdom

Posted 10 September 2011 - 09:02 AM

Hi again J Cccccccccc,

Let me know how the ESET scan went

The graphics card issue might be resolved by uninstalling/reinstalling your graphics card driver. As for the hard drive issues, you should try running checkdisk.

Run CheckDisk

Double-click My Computer, and then right-click the hard disk that has your Windows installation on it.
Click Properties, and then click Tools.
Under Error-checking, click Check Now (you may need to enter your administrator password)]. A dialog box that shows the Check disk options is displayed,
Sselect the Scan for and attempt recovery of bad sectors check box, and then click Start.
Click Yes to schedule the disk check
Restart your PC

Note: this process will take some time, please allow it to run fully.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

#14 J Cccccccccc

Member

Group: Members
Posts: 32
Joined: 07-August 11

Posted 10 September 2011 - 09:09 AM

Hi again, the ESET scan was just so slow that I had to stop it as I needed my computer today. I'm going to run it through the night tonight instead. Thanks very much for everything so far!!

The graphics card issue is baffling. I've tried uninstalling and reinstalling, rolling back drivers, completely uninstalling drivers and starting from scratch and manually directing the hardware dialogue to the location of the drivers. The device just doesn't want to hook up to the drivers or something for some reason. It's the last thing wrong I think now, everything else seems to be back to normal!!

#15 Casey_boy

Bleeping physicist

Group: Malware Response Instructor
Posts: 5,218
Joined: 02-January 09
Gender:Male
Location:United Kingdom

Posted 10 September 2011 - 05:17 PM

Hi,

If ESET is taking too long, it may have stalled. In which case we should try another scanner.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.

Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
Read the "Advantages - Requirements and Limitations" then press the ... button.
You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
- Detect malicious programs of the following categories:
  Viruses, Worms, Trojan Horses, Rootkits
  Spyware, Adware, Dialers and other potentially dangerous programs
- Scan compound files (doesn't apply to the File scan area):
  Archives
  Mail databases
Click on My Computer under the Scan section. OK any warnings from your protection programs.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
Click on Save Report As... and change the Files of type to Text file (.txt)
Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.

-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *