
infected


  • This topic is locked
17 replies to this topic

#1 novice4


Posted 14 October 2009 - 06:54 AM

Very sluggish start up and computer running Windows XP Pro Service Pack 3.
When opening Mozilla Firefox, AVG pops up and says virus found, and when doing a full scan in safe mode, AVG virus finds nothing. Ran Malwarebytes, found a few things; ran Spybot; ran SUPERAntiSpyware; Ad-Aware tried to run but seems to stall.
INSTALLED AND RAN DDS TOOL DOWNLOAD AND HAVE ATTACH REPORT TXT & DDS REPORT TXT
INSTALLED AND RAN ROOT REPEAL DOWNLOAD AND HAVE ARK .TXT REPORT
Awaiting instructions.
Thank you in advance.



DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by adie at 12:56:49.87 on 14/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.200 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\adie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.yahoo.com/
uWindow Title = >>> 'Full Speed' Enabled <<<
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
uWindows: load=c:\docume~1\adie\locals~1\temp\ieudinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: -{71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uExplorerRun: [ClipSrv] c:\windows\clipsrv.exe /waitservice
mExplorerRun: [ClipSrv] c:\windows\clipsrv.exe /waitservice
mExplorerRun: [Mstsc] c:\docume~1\adie\locals~1\applic~1\micros~1\mstsc.exe /waitservice
mExplorerRun: [Cisvc] c:\docume~1\adie\locals~1\applic~1\cisvc.exe /waitservice
dExplorerRun: [DllHst] c:\docume~1\adie\applic~1\micros~1\dllhst3g.exe /waitservice
StartupFolder: c:\docume~1\adie\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: live.com\login
Trusted Zone: orange.fr
Trusted Zone: weborama.fr\orange
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adie\applic~1\mozilla\firefox\profiles\78fr4enf.default\
FF - prefs.js: browser.search.selectedEngine - Google Search Community
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\adie\application data\mozilla\firefox\profiles\78fr4enf.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\adie\application data\mozilla\firefox\profiles\78fr4enf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
FF - component: c:\program files\mozilla firefox\extensions\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-25 108552]
S0 irglpc;irglpc;c:\windows\system32\drivers\qtji.sys --> c:\windows\system32\drivers\qtji.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-25 335240]
S1 ntiomin;ntiomin; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
S1 vcdrom;Virtual CD-ROM Device Driver;f:\xportableappsvcdrom\VCdRom.sys [2009-10-1 8576]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-25 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-20 55152]
S2 gupdate1c98a0a4221bac0;Google Update Service (gupdate1c98a0a4221bac0);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-5 30152]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cpuz132;cpuz132;f:\liberkey\liberkey\apps\pcwizard\app\pcwizard\pcwiz32.sys [2009-10-1 12672]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-6 59328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-5-12 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-5-12 31952]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-10-13 21:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
2009-10-13 21:20 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-12 12:47 <DIR> -cd----- c:\docume~1\adie\applic~1\Thinstall
2009-10-12 10:45 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-12 10:44 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-10-12 10:44 <DIR> -cd----- c:\docume~1\adie\applic~1\SUPERAntiSpyware.com
2009-10-10 10:47 0 ac--h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-09 10:18 <DIR> -cd----- c:\program files\Secunia
2009-10-09 09:56 61,440 ac------ c:\windows\mstinit.exe
2009-10-08 14:04 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-10-08 10:33 0 ac------ c:\windows\system32\FOXIT_PDF
2009-10-02 21:33 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-10-02 21:33 <DIR> -cd----- c:\program files\DAEMON Tools Lite
2009-10-01 14:11 721,904 ac------ c:\windows\system32\drivers\sptd.sys
2009-10-01 14:11 <DIR> -cd----- c:\docume~1\adie\applic~1\DAEMON Tools Lite
2009-09-28 15:25 <DIR> -cd----- c:\program files\uTorrent
2009-09-28 15:25 <DIR> -cd----- c:\docume~1\adie\applic~1\uTorrent
2009-09-27 11:55 61,440 ac------ c:\windows\system\rsvp.exe
2009-09-21 11:33 61,440 ac------ c:\docume~1\adie\applic~1\comrepl.exe
2009-09-21 11:07 446,464 ac------ c:\windows\system32\NVUNINST.EXE
2009-09-21 10:03 <DIR> -cd----- C:\04-23-2008-0731

==================== Find3M ====================

2009-10-12 10:27 11,242 ac------ c:\windows\system32\nvModes.dat
2009-09-25 15:40 61,440 ac------ c:\windows\clipsrv.exe
2009-09-25 15:40 61,440 ac------ c:\docume~1\adie\applic~1\clipsrv.exe
2009-09-21 10:34 81,920 ac------ c:\windows\system32\nvsvc32.exe
2009-09-10 14:54 38,224 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
2009-09-02 11:05 44,544 -c------ c:\windows\AWuninstall.exe
2009-08-18 09:31 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-08-18 09:31 335,240 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-08-05 11:01 204,800 ac------ c:\windows\system32\mswebdvd.dll
2009-07-25 14:01 57,344 ac------ c:\docume~1\adie\applic~1\mqtgsvc.exe
2009-07-25 05:23 411,368 ac------ c:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 ac------ c:\windows\system32\atl.dll
2007-11-19 13:13 32 -c------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-11-30 00:54 3,766 -c-sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-20 02:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042020090421\index.dat

============= FINISH: 12:58:25.83 ===============

Edited by novice4, 15 October 2009 - 03:37 AM.



#2 Buckeye_Sam

    Malware Expert

Posted 15 October 2009 - 10:41 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 novice4


Posted 15 October 2009 - 03:14 PM

Hello Sam, :(
Thanks for your reply and your help.
Here are the logs from the downloads you asked for.
No problems downloading, starting or updating Malwarebytes or OTL. Everything ran fine.

Computer still slow on start-up and connecting to the internet, and lags on loading pages.
Other programmes slow to launch.
Thanks again for your time and help, much appreciated.
Adie




Malwarebytes' Anti-Malware 1.41
Database version: 2968
Windows 5.1.2600 Service Pack 3

15/10/2009 21:17:11
mbam-log-2009-10-15 (21-17-11).txt

Scan type: Quick Scan
Objects scanned: 102141
Time elapsed: 25 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\mstinit.exe (Trojan.Zaplo) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Application Data\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Local Settings\Application Data\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Application Data\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Local Settings\Temp\cmstp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\adie\Application Data\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 15/10/2009 21:39:30 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\adie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.23 Mb Total Physical Memory | 46.14 Mb Available Physical Memory | 9.02% Memory free
1.22 Gb Paging File | 0.62 Gb Available in Paging File | 51.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 26.12 Gb Free Space | 46.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DALLAWAY-78JOFZ
Current User Name: adie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/15 21:27:48 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/15 21:14:04 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
PRC - [2009/10/14 14:38:06 | 00,778,072 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/14 14:38:02 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/07 10:08:38 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/25 15:40:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\clipsrv.exe
PRC - [2009/09/21 10:34:27 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/09/10 10:13:55 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/21 10:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/08/18 09:31:40 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/18 09:31:36 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 09:31:25 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/18 09:31:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/18 09:29:54 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/16 13:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/05/25 17:43:18 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\SkypePM.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 02:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/04 19:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/01/22 22:50:56 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2007/10/23 10:29:56 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2007/07/02 14:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2007/05/22 15:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/01/04 23:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/09/08 16:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/03/04 20:59:30 | 00,487,424 | ---- | M] () -- C:\Program Files\Dell\QuickSet\Quickset.exe
PRC - [2004/02/23 11:56:18 | 00,561,152 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2004/02/20 16:14:04 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/02/04 07:28:16 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/07/16 18:42:45 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 14:38:02 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/09/21 10:34:27 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/09/04 09:46:25 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/08/18 09:31:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/18 09:29:54 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2009/02/08 18:27:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98a0a4221bac0 [Auto | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 02:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/04 19:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service [Auto | Running])
SRV - [2008/01/22 22:50:56 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC [Auto | Running])
SRV - [2007/12/06 18:09:22 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2007/10/23 10:29:56 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2006/10/19 05:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/02/20 16:14:04 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Auto | Running])
SRV - [2004/02/04 07:28:16 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/07/16 18:41:47 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: 0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: 08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\S-1-5-21-73586283-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\S-1-5-21-73586283-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.78
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.2
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.5
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.30
FF - prefs.js..extensions.enabledItems: {8B8A525A-CFCA-44cf-81C3-3969E6CB96E0}:2.8.2.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 10:28:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/11 13:14:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/21 23:22:55 | 00,000,000 | ---D | M]

[2009/05/18 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Extensions
[2009/05/18 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/13 20:46:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions
[2009/08/20 13:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/08/23 10:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2)
[2009/02/25 13:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3)
[2009/07/04 11:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/14 09:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/08/05 13:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{8B8A525A-CFCA-44cf-81C3-3969E6CB96E0}
[2009/10/08 23:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/14 10:24:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
[2009/09/21 12:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/08/30 10:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009/08/30 10:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}-trash
[2009/09/03 18:53:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/06/26 22:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/09/11 12:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\capturefoxmovie@advancity.net
[2009/10/01 14:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\firebug@software.joehewitt.com
[2009/07/09 20:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\seo-blogger@wordtracker.com
[2008/07/20 10:03:16 | 00,001,579 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\aol-search.xml
[2008/06/21 23:27:09 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\askcom.xml
[2008/05/30 19:58:52 | 00,001,944 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\live-search.xml
[2008/05/30 19:58:52 | 00,001,071 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\lonely-planet-online.xml
[2008/06/06 20:46:13 | 00,001,961 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\technorati.xml
[2009/10/13 20:46:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/09 10:43:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2009/09/10 10:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 23:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 11:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 23:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 10:13:54 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 10:13:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/19 11:58:22 | 00,049,152 | ---- | M] () -- C:\Program Files\mozilla firefox\components\SiteVacuumXPCOM.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/10 01:09:32 | 00,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 10:13:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/05 21:59:06 | 00,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/10 13:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/10 01:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/25 08:46:05 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/25 08:46:05 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 22:37:33 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2007/07/26 13:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/07/25 08:46:05 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/25 08:46:06 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/25 08:46:06 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/24 15:58:57 | 00,002,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SiteVacuum.xml
[2009/07/25 08:46:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/25 08:46:06 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (344494 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11835 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll (Lavasoft AB)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - -{71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-706699826-854245398-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-73586283-706699826-854245398-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
F3 - HKU\S-1-5-21-73586283-706699826-854245398-1003 WinNT: Load - (C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe) - C:\Documents and Settings\adie\Local Settings\Application Data\comrepl.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: 73 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 () - http://www.ddbeautyproducts.com/
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell - "" = AutoRun
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\E:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: AppMgmt - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/13 21:21:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[2009/10/13 21:20:15 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/04 18:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/02 21:33:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/12 10:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/12 10:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Application Data\SUPERAntiSpyware.com
[2009/10/12 12:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Application Data\Thinstall
[2009/10/08 16:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Local Settings\Application Data\Runscanner.net
[2009/10/12 12:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Local Settings\Application Data\Thinstall
[2009/10/04 18:26:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/08 14:04:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/02 21:33:23 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/10/14 14:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/09 10:18:22 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/10/12 10:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/15 21:14:01 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
[2009/10/15 11:13:09 | 00,559,976 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autorunsc.exe
[2009/10/15 11:13:08 | 00,669,032 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autoruns.exe
[2009/10/14 14:40:50 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/11 10:11:45 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\TFC.exe
[2009/10/08 14:05:24 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[2009/10/15 21:55:32 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/15 21:36:24 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/15 21:26:41 | 00,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/10/15 21:24:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/15 21:23:50 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/15 21:23:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 21:23:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 21:19:39 | 05,942,524 | -H-- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\IconCache.db
[2009/10/15 21:14:04 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
[2009/10/15 21:01:04 | 00,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/10/15 20:48:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 10:00:01 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\JkDefrag.job
[2009/10/15 09:17:01 | 00,027,506 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/15 09:17:00 | 42,879,815 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/14 23:02:50 | 00,628,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 23:02:50 | 00,532,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 23:02:50 | 00,103,410 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 18:46:45 | 00,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/10/14 14:35:01 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/14 10:50:50 | 00,344,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/13 20:24:29 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/13 10:20:20 | 00,669,032 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autoruns.exe
[2009/10/13 10:20:20 | 00,559,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autorunsc.exe
[2009/10/12 13:07:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/12 12:22:15 | 00,000,281 | ---- | M] () -- C:\WINDOWS\ImageInc.ini
[2009/10/12 10:45:13 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/11 11:17:53 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\housecall.guid.cache
[2009/10/11 10:11:47 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\TFC.exe
[2009/10/10 10:47:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/09 10:18:57 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/08 20:47:24 | 00,000,690 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/08 10:33:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/10/08 10:33:40 | 00,057,222 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\TARIF GROSSISTE 2009.pdf
[2009/10/08 09:04:02 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\adie\Desktop\Internet Explorer.lnk
[2009/10/07 16:38:43 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/07 14:01:33 | 02,477,617 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\img051.jpg
[2009/10/07 13:58:02 | 01,795,406 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\img050.jpg
[2009/10/06 19:58:06 | 00,853,416 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\Shipping.jpg
[2009/10/06 13:50:29 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\adie\Desktop\CCleaner.lnk
[2009/10/04 23:59:21 | 02,265,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/04 20:31:27 | 00,110,592 | ---- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/03 10:05:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/02 21:33:28 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

========== Files - No Company Name ==========
[2009/10/15 21:27:42 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\comrepl.exe
[2009/10/15 11:13:08 | 00,048,904 | ---- | C] () -- C:\Documents and Settings\adie\Desktop\autoruns.chm
[2009/10/14 14:35:01 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/12 10:45:13 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/11 11:17:53 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\housecall.guid.cache
[2009/10/10 10:47:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/09 10:18:57 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/08 10:33:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/10/08 10:33:35 | 00,057,222 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\TARIF GROSSISTE 2009.pdf
[2009/10/08 09:04:02 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\adie\Desktop\Internet Explorer.lnk
[2009/10/07 13:59:34 | 02,477,617 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\img051.jpg
[2009/10/07 13:58:01 | 01,795,406 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\img050.jpg
[2009/10/06 19:58:06 | 00,853,416 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\Shipping.jpg
[2009/10/05 00:01:24 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\cisvc.exe
[2009/10/02 21:33:27 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/10/01 14:11:43 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/30 19:05:40 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\logman.exe
[2009/09/21 11:33:50 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Application Data\comrepl.exe
[2009/09/21 08:06:05 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\rsvp.exe
[2009/09/02 14:42:20 | 00,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2009/09/02 11:16:44 | 00,000,281 | ---- | C] () -- C:\WINDOWS\ImageInc.ini
[2009/08/08 10:36:08 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\adie\Application Data\clipsrv.exe
[2009/08/07 22:34:45 | 00,000,209 | ---- | C] () -- C:\WINDOWS\WebPage.INI
[2009/07/24 13:33:10 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/19 09:37:41 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/05/29 11:10:01 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/05/29 11:10:01 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/05/29 11:09:37 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/05/29 11:09:36 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/05/29 11:09:35 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/29 11:09:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/05/12 22:01:04 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/12 22:00:59 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/12 22:00:57 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/12 22:00:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/17 00:03:24 | 00,000,017 | -H-- | C] () -- C:\Documents and Settings\adie\Application Data\mpdt294
[2009/02/17 00:03:15 | 00,000,350 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2009/01/31 19:11:28 | 00,000,107 | ---- | C] () -- C:\WINDOWS\ImgMap.INI
[2008/08/14 23:09:47 | 00,000,370 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/07/06 20:56:57 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\PUTTY.RND
[2008/07/06 13:20:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/05 12:25:28 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\adie\Application Data\SharedSettings.ccs
[2008/07/05 12:25:08 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2008/06/01 17:15:45 | 00,000,080 | ---- | C] () -- C:\WINDOWS\SiteSpiderforms.ini
[2008/04/17 13:33:39 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2008/02/19 14:58:59 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/02/14 11:26:04 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/11/19 13:13:28 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/17 13:49:01 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/11/15 13:50:36 | 00,000,690 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 10:33:18 | 00,000,045 | ---- | C] () -- C:\WINDOWS\SFEditorU.INI
[2007/04/07 18:14:00 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\fusioncache.dat
[2007/04/07 17:56:59 | 00,003,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/06 18:42:10 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2007/01/06 18:42:07 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2007/01/03 00:00:53 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/03 00:00:53 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/02 23:48:57 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2006/12/23 07:53:49 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/02 04:13:01 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/02 04:10:09 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/12/02 04:08:48 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EP_CX5000.ini
[2006/11/05 21:24:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/04 19:00:05 | 00,103,424 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/25 22:25:44 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/12 18:33:17 | 00,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 18:01:51 | 00,110,592 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/12 00:26:54 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/09/11 21:01:57 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/09/11 20:11:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/09/11 18:58:40 | 05,942,524 | -H-- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\IconCache.db
[2006/09/11 18:47:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\adie\Application Data\desktop.ini
[2006/01/04 11:12:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2004/01/09 10:10:48 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 02:17:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 02:17:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/07/16 18:45:02 | 00,000,932 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 18:41:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\ac6dli8.dll
[2003/07/16 18:26:11 | 00,000,340 | ---- | C] () -- C:\WINDOWS\System32\oq9x4m3.dll
[2003/07/16 18:26:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2003/07/16 18:26:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2003/07/16 18:26:11 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tyngsze.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/15 21:17:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\adie\Application Data
[2009/04/10 16:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Any Video Converter
[2009/05/31 18:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Any Video Converter Professional
[2008/04/06 18:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\ArcSoft
[2009/09/02 16:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\AV Bros Page Curl Pro 2.2 DEMO
[2009/09/04 00:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Blender Foundation
[2009/08/17 12:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\CamfrogWEB
[2009/09/04 13:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\com.adobe.ExMan
[2008/09/12 13:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/04 15:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\DAEMON Tools Lite
[2009/09/23 15:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Download Manager
[2008/02/14 12:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\EPSON
[2009/08/06 14:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\FileZilla
[2008/07/08 21:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\FireShot
[2009/09/04 00:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Foxit
[2007/12/02 12:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\GeoVid
[2006/12/23 03:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\GetRightToGo
[2008/02/06 16:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Grisoft
[2009/09/30 15:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\gtk-2.0
[2009/03/07 20:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\ImageThumbs
[2006/09/11 19:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\InterVideo
[2009/03/16 22:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\JGsoft
[2009/02/25 13:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Motive
[2007/01/10 03:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\MSN6
[2009/06/25 09:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Nokia
[2009/05/12 09:39:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\OpenOffice.org
[2009/05/18 12:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\PC Suite
[2008/01/15 12:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\SmartFTP
[2009/10/12 12:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Thinstall
[2009/05/04 21:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Trellian
[2009/10/08 18:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\uTorrent
[2009/09/05 10:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Viewpoint
[2009/04/21 23:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Windows Desktop Search
[2009/04/20 09:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Windows Search
[2009/10/13 21:21:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/16 10:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 21:21:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[2009/10/14 14:18:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2007/11/14 17:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3D3
[2008/04/06 18:15:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/10/02 21:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/04/06 18:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2008/02/14 11:27:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/14 23:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/05/25 13:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/07/11 13:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/09/02 12:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/02/25 13:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/09/12 00:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/09 23:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/12/02 14:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/04/27 09:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/18 12:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/01 14:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2008/05/27 12:48:26 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/10/14 09:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/14 11:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/09/07 00:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2009/09/05 10:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/26 14:44:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/06/25 20:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2006/09/11 18:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/15 21:36:24 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/03 10:05:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/07/16 18:31:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/15 21:23:50 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/15 21:55:32 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/15 10:00:01 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\JkDefrag.job
[2009/10/15 21:23:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/15 21:01:04 | 00,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 02:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 02:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\nvsvc32.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5A61FDD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC3571BD
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:56 AM

Posted 16 October 2009 - 08:54 AM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


=====================

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 novice4


Posted 16 October 2009 - 03:16 PM

Hello Sam,
here is the ESET Log:
THANKS



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6208
# api_version=3.0.2
# EOSSerial=aa586c67a3d05d498f421936405f67a8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-16 07:58:25
# local_time=2009-10-16 09:58:25 (+0100, Romance Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 50 0 0 0 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=5890 16777214 0 0 0 0 0 0
# compatibility_mode=8447 16777215 0 0 0 0 0 0
# scanned=205722
# found=14
# cleaned=14
# scan_time=11142
C:\Documents and Settings\adie\Application Data\clipsrv.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Application Data\comrepl.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Application Data\Microsoft\cisvc.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Application Data\Microsoft\cmstp.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Application Data\Microsoft\dllhst3g.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\cisvc.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\comrepl.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\logman.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\rsvp.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\Microsoft\mstsc.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\adie\Local Settings\Application Data\Microsoft\rsvp.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\clipsrv.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\logman.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system\rsvp.exe a variant of Win32/TrojanDownloader.Agent.PMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 Buckeye_Sam

    Malware Expert



Posted 17 October 2009 - 07:24 AM

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 novice4

novice4

Posted 17 October 2009 - 03:20 PM

Hello Sam,
Here is the latest log from Malwarebytes.
A few seconds after starting Malwarebytes, AVG virus popped up and found virus cookie.weborama. I put this into AVG Virus Vault, but this is the second time this cookie has shown up. This happens once or twice before when I open Firefox browser, and with cookie.Yadro too.

Virus name:Tracking cookie.Weborama
Path to file: c:\documents and settings\adie\application data\mozilla\firefox\profiles\78fr4enf.dfault\cookies.sqlite is with the file name.

I have just gone into my e-mail and firefox window appeared with this message Add ons causing problems:
Microsoft.netframework assistant 1.1 BLOCKED
Windows presentation foundation 3.5.30729.1 BLOCKED
RESTART FIREFOX
Again restart Firefox, and then when my home page eventually shows up I get AVG found virus again with the same as above.

Computer is slow loading all programmes after start and very slow on launching Firefox browser.
Hope this makes sense to you & helps.
Thanks again for your patience. :(












Malwarebytes' Anti-Malware 1.41
Database version: 2975
Windows 5.1.2600 Service Pack 3

17/10/2009 21:30:16
mbam-log-2009-10-17 (21-30-16).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 323835
Time elapsed: 3 hour(s), 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\adie\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by novice4, 17 October 2009 - 03:47 PM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 October 2009 - 06:48 PM

A few seconds after starting Malwarebytes, AVG virus popped up and found virus cookie.weborama. I put this into AVG Virus Vault, but this is the second time this cookie has shown up. This happens once or twice before when I open Firefox browser, and with cookie.Yadro too.

Virus name:Tracking cookie.Weborama
Path to file: c:\documents and settings\adie\application data\mozilla\firefox\profiles\78fr4enf.dfault\cookies.sqlite is with the file name.

Cookies are unavoidable if you browse the internet and they don't really pose a threat. It's best to let your antivirus and antispyware programs clean them out from time to time, but there's no reason to be concerned. They're just text files and they don't do anything.

I have just gone into my e-mail and firefox window appeared with this message Add ons causing problems:
Microsoft.netframework assistant 1.1 BLOCKED
Windows presentation foundation 3.5.30729.1 BLOCKED
RESTART FIREFOX

I just got the exact notification today also. I haven't researched it to find out why, but it's not indicative of malware.


I do notice that you're a bit light on memory.

511.23 Mb Total Physical Memory | 46.14 Mb Available Physical Memory | 9.02% Memory free

Take a look at the extensions and plugins that you're using with Firefox. Any that you don't need or use any more, uninstall them. That should speed up Firefox loading.


Please post a new log from OTL.


========================================================

#9 novice4

novice4

Posted 18 October 2009 - 03:50 AM

Hi again,
Uninstalled a few extensions I do not use in Firefox.
PC2 synchronisation uninstalled but still shows in list. How can I get rid of that? What is this extension?
Also .NET Framework is uninstalled but this is in programmes list. Do I need to delete them from programmes? What is this extension?
Also Windows Presentation is still showing in list for plugins. How do I delete that? What is this extension?
Still showing virus alerts for the ones I mentioned and still slow on starting Firefox browser.

How do I get more memory? 511.23 Mb Total Physical Memory | 46.14 Mb Available Physical Memory | 9.02% Memory free

Thanks for your help :(


Here is the OTL log:





OTL logfile created on: 18/10/2009 10:18:16 - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\adie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.23 Mb Total Physical Memory | 57.57 Mb Available Physical Memory | 11.26% Memory free
1.22 Gb Paging File | 0.56 Gb Available in Paging File | 45.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 26.01 Gb Free Space | 46.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DALLAWAY-78JOFZ
Current User Name: adie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/18 10:17:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
PRC - [2009/10/17 09:30:23 | 02,025,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/15 21:27:48 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/14 14:38:06 | 00,778,072 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/14 14:38:02 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/21 10:34:27 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/09/10 10:13:55 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/21 10:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/08/18 09:31:40 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/18 09:31:36 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 09:31:25 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/18 09:31:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/18 09:29:54 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/16 13:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/05/25 17:43:18 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\SkypePM.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 02:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/04 19:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/01/22 22:50:56 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2007/10/23 10:29:56 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2007/07/02 14:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2007/05/22 15:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/01/04 23:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/09/08 16:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2004/03/04 20:59:30 | 00,487,424 | ---- | M] () -- C:\Program Files\Dell\QuickSet\Quickset.exe
PRC - [2004/02/23 11:56:18 | 00,561,152 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2004/02/20 16:14:04 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/02/04 07:28:16 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/07/16 18:42:45 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 14:38:02 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/09/21 10:34:27 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/09/04 09:46:25 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/08/18 09:31:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/18 09:29:54 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2009/02/08 18:27:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98a0a4221bac0 [Auto | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 02:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/04/14 02:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/04 19:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service [Auto | Running])
SRV - [2008/01/22 22:50:56 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC [Auto | Running])
SRV - [2007/12/06 18:09:22 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2007/10/23 10:29:56 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2006/10/19 05:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/02/20 16:14:04 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Auto | Running])
SRV - [2004/02/04 07:28:16 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/07/16 18:41:47 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: 0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: 08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\S-1-5-21-73586283-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-706699826-854245398-1003\S-1-5-21-73586283-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.78
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.5
FF - prefs.js..extensions.enabledItems: {8B8A525A-CFCA-44cf-81C3-3969E6CB96E0}:2.8.2.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 10:28:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/11 13:14:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/21 23:22:55 | 00,000,000 | ---D | M]

[2009/05/18 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Extensions
[2009/05/18 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 10:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions
[2009/08/20 13:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/08/23 10:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2)
[2009/02/25 13:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3)
[2009/09/14 09:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/08/05 13:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{8B8A525A-CFCA-44cf-81C3-3969E6CB96E0}
[2009/06/26 22:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/09/11 12:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\capturefoxmovie@advancity.net
[2009/10/01 14:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\mozilla\Firefox\Profiles\78fr4enf.default\extensions\firebug@software.joehewitt.com
[2008/07/20 10:03:16 | 00,001,579 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\aol-search.xml
[2008/06/21 23:27:09 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\askcom.xml
[2008/05/30 19:58:52 | 00,001,944 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\live-search.xml
[2008/05/30 19:58:52 | 00,001,071 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\lonely-planet-online.xml
[2008/06/06 20:46:13 | 00,001,961 | ---- | M] () -- C:\Documents and Settings\adie\Application Data\Mozilla\FireFox\Profiles\78fr4enf.default\searchplugins\technorati.xml
[2009/10/18 09:58:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 10:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 23:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 11:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 23:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 10:13:54 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 10:13:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/19 11:58:22 | 00,049,152 | ---- | M] () -- C:\Program Files\mozilla firefox\components\SiteVacuumXPCOM.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/10 01:09:32 | 00,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 10:13:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/05 21:59:06 | 00,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/10 13:27:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/10 13:27:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/10 01:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/25 08:46:05 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/25 08:46:05 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 22:37:33 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2007/07/26 13:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/07/25 08:46:05 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/25 08:46:06 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/25 08:46:06 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/24 15:58:57 | 00,002,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SiteVacuum.xml
[2009/07/25 08:46:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/25 08:46:06 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (344494 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 11835 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll (Lavasoft AB)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - -{71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-73586283-706699826-854245398-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-73586283-706699826-854245398-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
F3 - HKU\S-1-5-21-73586283-706699826-854245398-1003 WinNT: Load - (C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe) - C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-73586283-706699826-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O15 - HKU\S-1-5-21-73586283-706699826-854245398-1003\..Trusted Domains: 73 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 () - http://www.ddbeautyproducts.com/
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell - "" = AutoRun
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47ecdee0-fda9-11dc-a9cf-000cf13ca8b7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\E:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: AppMgmt - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/13 21:21:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[2009/10/13 21:20:15 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/04 18:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/12 10:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/12 10:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Application Data\SUPERAntiSpyware.com
[2009/10/12 12:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Application Data\Thinstall
[2009/10/08 16:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Local Settings\Application Data\Runscanner.net
[2009/10/12 12:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adie\Local Settings\Application Data\Thinstall
[2009/10/04 18:26:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/08 14:04:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/14 14:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/09 10:18:22 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/10/12 10:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/18 10:16:56 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
[2009/10/15 11:13:09 | 00,559,976 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autorunsc.exe
[2009/10/15 11:13:08 | 00,669,032 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autoruns.exe
[2009/10/14 14:40:50 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/11 10:11:45 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\TFC.exe
[2009/10/08 14:05:24 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[2009/10/18 10:17:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\OTL.exe
[2009/10/18 09:55:20 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/18 09:16:10 | 43,179,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/18 09:08:38 | 00,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/10/17 22:01:00 | 00,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/10/17 21:48:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/17 21:38:54 | 00,011,242 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/10/17 21:36:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/17 21:34:57 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/17 21:34:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 21:34:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 21:32:17 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\IconCache.db
[2009/10/17 10:05:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/17 10:00:00 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\JkDefrag.job
[2009/10/16 08:51:39 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/15 20:48:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 23:02:50 | 00,628,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 23:02:50 | 00,532,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 23:02:50 | 00,103,410 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 14:35:01 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/14 10:50:50 | 00,344,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/13 20:24:29 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/13 10:20:20 | 00,669,032 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autoruns.exe
[2009/10/13 10:20:20 | 00,559,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\adie\Desktop\autorunsc.exe
[2009/10/12 13:07:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/12 12:22:15 | 00,000,281 | ---- | M] () -- C:\WINDOWS\ImageInc.ini
[2009/10/12 10:45:13 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/11 11:17:53 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\housecall.guid.cache
[2009/10/11 10:11:47 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adie\Desktop\TFC.exe
[2009/10/10 10:47:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/09 10:18:57 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/08 20:47:24 | 00,000,690 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/08 10:33:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/10/08 10:33:40 | 00,057,222 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\TARIF GROSSISTE 2009.pdf
[2009/10/08 09:04:02 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\adie\Desktop\Internet Explorer.lnk
[2009/10/07 16:38:43 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/07 14:01:33 | 02,477,617 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\img051.jpg
[2009/10/07 13:58:02 | 01,795,406 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\img050.jpg
[2009/10/06 19:58:06 | 00,853,416 | ---- | M] () -- C:\Documents and Settings\adie\My Documents\Shipping.jpg
[2009/10/06 13:50:29 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\adie\Desktop\CCleaner.lnk
[2009/10/04 23:59:21 | 02,265,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/04 20:31:27 | 00,110,592 | ---- | M] () -- C:\Documents and Settings\adie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files - No Company Name ==========
[2009/10/15 11:13:08 | 00,048,904 | ---- | C] () -- C:\Documents and Settings\adie\Desktop\autoruns.chm
[2009/10/14 14:35:01 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/12 10:45:13 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/11 11:17:53 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\housecall.guid.cache
[2009/10/10 10:47:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/09 10:18:57 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\adie\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/08 10:33:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/10/08 10:33:35 | 00,057,222 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\TARIF GROSSISTE 2009.pdf
[2009/10/08 09:04:02 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\adie\Desktop\Internet Explorer.lnk
[2009/10/07 13:59:34 | 02,477,617 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\img051.jpg
[2009/10/07 13:58:01 | 01,795,406 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\img050.jpg
[2009/10/06 19:58:06 | 00,853,416 | ---- | C] () -- C:\Documents and Settings\adie\My Documents\Shipping.jpg
[2009/10/01 14:11:43 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/02 14:42:20 | 00,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2009/09/02 11:16:44 | 00,000,281 | ---- | C] () -- C:\WINDOWS\ImageInc.ini
[2009/08/07 22:34:45 | 00,000,209 | ---- | C] () -- C:\WINDOWS\WebPage.INI
[2009/07/24 13:33:10 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/19 09:37:41 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/05/29 11:10:01 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/05/29 11:10:01 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/05/29 11:09:37 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/05/29 11:09:36 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/05/29 11:09:35 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/29 11:09:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/05/12 22:01:04 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/12 22:00:59 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/12 22:00:57 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/12 22:00:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/17 00:03:24 | 00,000,017 | -H-- | C] () -- C:\Documents and Settings\adie\Application Data\mpdt294
[2009/02/17 00:03:15 | 00,000,350 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2009/01/31 19:11:28 | 00,000,107 | ---- | C] () -- C:\WINDOWS\ImgMap.INI
[2008/08/14 23:09:47 | 00,000,370 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/07/06 20:56:57 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\PUTTY.RND
[2008/07/06 13:20:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/05 12:25:28 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\adie\Application Data\SharedSettings.ccs
[2008/07/05 12:25:08 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2008/06/01 17:15:45 | 00,000,080 | ---- | C] () -- C:\WINDOWS\SiteSpiderforms.ini
[2008/04/17 13:33:39 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2008/02/19 14:58:59 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/02/14 11:26:04 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/11/19 13:13:28 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/17 13:49:01 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/11/15 13:50:36 | 00,000,690 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 10:33:18 | 00,000,045 | ---- | C] () -- C:\WINDOWS\SFEditorU.INI
[2007/04/07 18:14:00 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\fusioncache.dat
[2007/04/07 17:56:59 | 00,003,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/06 18:42:10 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2007/01/06 18:42:07 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2007/01/03 00:00:53 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/03 00:00:53 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/02 23:48:57 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2006/12/23 07:53:49 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/02 04:13:01 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/02 04:10:09 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/12/02 04:08:48 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EP_CX5000.ini
[2006/11/05 21:24:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/04 19:00:05 | 00,103,424 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/25 22:25:44 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/12 18:33:17 | 00,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 18:01:51 | 00,110,592 | ---- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/12 00:26:54 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/09/11 21:01:57 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/09/11 20:11:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/09/11 18:58:40 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\adie\Local Settings\Application Data\IconCache.db
[2006/09/11 18:47:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\adie\Application Data\desktop.ini
[2006/01/04 11:12:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2004/01/09 10:10:48 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 02:17:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 02:17:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/07/16 18:45:02 | 00,000,932 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 18:41:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2003/07/16 18:26:11 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\ac6dli8.dll
[2003/07/16 18:26:11 | 00,000,340 | ---- | C] () -- C:\WINDOWS\System32\oq9x4m3.dll
[2003/07/16 18:26:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2003/07/16 18:26:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2003/07/16 18:26:11 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tyngsze.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/16 19:04:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\adie\Application Data
[2009/04/10 16:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Any Video Converter
[2009/05/31 18:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Any Video Converter Professional
[2008/04/06 18:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\ArcSoft
[2009/09/02 16:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\AV Bros Page Curl Pro 2.2 DEMO
[2009/09/04 00:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Blender Foundation
[2009/08/17 12:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\CamfrogWEB
[2009/09/04 13:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\com.adobe.ExMan
[2008/09/12 13:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/04 15:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\DAEMON Tools Lite
[2009/09/23 15:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Download Manager
[2008/02/14 12:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\EPSON
[2009/08/06 14:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\FileZilla
[2008/07/08 21:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\FireShot
[2009/09/04 00:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Foxit
[2007/12/02 12:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\GeoVid
[2006/12/23 03:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\GetRightToGo
[2008/02/06 16:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Grisoft
[2009/09/30 15:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\gtk-2.0
[2009/03/07 20:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\ImageThumbs
[2006/09/11 19:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\InterVideo
[2009/03/16 22:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\JGsoft
[2009/02/25 13:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Motive
[2007/01/10 03:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\MSN6
[2009/06/25 09:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Nokia
[2009/05/12 09:39:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\OpenOffice.org
[2009/05/18 12:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\PC Suite
[2008/01/15 12:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\SmartFTP
[2009/10/12 12:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Thinstall
[2009/05/04 21:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Trellian
[2009/10/08 18:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\uTorrent
[2009/09/05 10:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Viewpoint
[2009/04/21 23:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Windows Desktop Search
[2009/04/20 09:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adie\Application Data\Windows Search
[2009/10/13 21:21:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/16 10:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 21:21:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[2009/10/14 14:18:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2007/11/14 17:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3D3
[2008/04/06 18:15:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/10/02 21:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/04/06 18:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2008/02/14 11:27:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/14 23:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/05/25 13:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/07/11 13:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/09/02 12:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/02/25 13:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/09/12 00:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/09 23:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/12/02 14:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/04/27 09:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/18 12:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/01 14:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2008/05/27 12:48:26 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/10/14 09:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/14 11:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/09/07 00:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2009/09/05 10:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/26 14:44:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/06/25 20:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2006/09/11 18:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/17 21:48:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/17 10:05:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/07/16 18:31:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/17 21:34:57 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 09:55:20 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/17 10:00:00 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\JkDefrag.job
[2009/10/17 21:34:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/17 22:01:00 | 00,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 02:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 02:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\nvsvc32.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5A61FDD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC3571BD
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 18 October 2009 - 09:06 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    F3 - HKU\S-1-5-21-73586283-706699826-854245398-1003 WinNT: Load - (C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe) - C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe File not found
    O3 - HKLM\..\Toolbar: (no name) - -{71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 10:28:56 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/11 13:14:07 | 00,000,000 | ---D | M]
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


================


Can you tell me exactly what AVG is detecting?
Is there a log that you can post so I can see it?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 novice4

novice4
  • Topic Starter


Posted 19 October 2009 - 08:18 AM

Hi Sam,
glad you're sticking with me here :(
Here are the latest OTL & Malwarebytes logs and the AVG log of what it's found; hope it all helps.
Thanks

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-73586283-706699826-854245398-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\-{71AAABE5-1F0F-11D7-BD6F-004854603DCE} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\preferences moved successfully.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults moved successfully.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome moved successfully.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com deleted successfully.
C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\content moved successfully.
C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components moved successfully.
C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: adie
File delete failed. C:\Documents and Settings\adie\Local Settings\Temp\Perflib_Perfdata_2dc.dat scheduled to be deleted on reboot.
->Temp folder emptied: 250880 bytes
File delete failed. C:\Documents and Settings\adie\Local Settings\Temporary Internet Files\VW7ESWTT\GE2ALKY1\Offline\HashFile.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adie\Local Settings\Temporary Internet Files\Content.IE5\P9MN0BD8\index[1].php scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adie\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1824276 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83110959 bytes

User: All Users

User: DALLAWAY-78JOFZ

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33299 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_310.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 738733 bytes
RecycleBin emptied: 64955 bytes

Total Files Cleaned = 82.07 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10182009_213455

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\adie\Local Settings\Temp\Perflib_Perfdata_2dc.dat not found!
C:\Documents and Settings\adie\Local Settings\Temporary Internet Files\VW7ESWTT\GE2ALKY1\Offline\HashFile.dat moved successfully.
C:\Documents and Settings\adie\Local Settings\Temporary Internet Files\Content.IE5\P9MN0BD8\index[1].php moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1e8.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_310.dat not found!

Registry entries deleted on Reboot...

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.41
Database version: 2981
Windows 5.1.2600 Service Pack 3

19/10/2009 11:11:46
mbam-log-2009-10-19 (11-11-46).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 323615
Time elapsed: 4 hour(s), 59 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Potentially dangerous object";"18/10/2009, 10:00:58";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Healed";"18/10/2009, 09:57:44";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Moved to Virus Vault";"18/10/2009, 09:24:17";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Healed";"17/10/2009, 22:27:49";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Moved to Virus Vault";"17/10/2009, 19:22:30";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Moved to Virus Vault";"17/10/2009, 17:58:31";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Yadro";"C:\Documents and Settings\adie\Application Data\Mozilla\Firefox\Profiles\78fr4enf.default\cookies.sqlite";"Moved to Virus Vault";"17/10/2009, 12:57:05";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 19 October 2009 - 06:16 PM

Those are just cookies and not malicious in any way.
Here is what AVG says about cookies.

Tracking cookies are not viruses or malicious code. Cookies are only text files and therefore cannot be dangerous to your computer.

The main purpose of cookies is to identify users and possibly prepare customized web pages for them. When you enter a web site using cookies, you may be asked to fill in a form providing such information as your name and interests. This information is sent to your web browser as a cookie file. The next time you go to the same web site, your browser will send the cookie to the web server. The server can use this information to present you with custom web pages.

If you don’t want to use cookies you can check the settings of Internet Explorer browser to accept/deny the cookie file. More information can be found at:
http://www.microsoft.com/info/cookies.mspx
question "If You Want to Control Which Cookies You Accept"

If you are using a Mozilla Firefox browser, you can find more information at:
http://mozilla.gunnars.net/firefox_help_fi...e_tutorial.html

More information about cookie files can be found at:
http://en.wikipedia.org/wiki/HTTP_cookie

You can also set AVG to not detect cookies on your computer:

1. Resident Shield settings
- open AVG User Interface
- double-click on the AVG Resident Shield component
- unmark the "Scan for Tracking Cookies" option
- press "Save changes" button

2. AVG test settings
- launch AVG User Interface
- open Computer Scanner
- choose "Change scan settings" under "Scan whole computer" item
- in the newly opened window please unmark "Scan for Tracking Cookies"

3. Scheduled test settings
- open AVG User Interface
- choose "Advance settings" from Tools menu
- extend "Schedules" item and select "Scheduled scan"
- switch to "How to scan" tab
- please unmark "Scan for Tracking Cookies" option



Everything else looks pretty good to me.
Are you having any other problems?


========================================================
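
The triage applied in post #12 to the Resident Shield log from post #11 (every hit is a tracking cookie in the Firefox cookie store), written out as an added Python example that is not part of the thread or of AVG's tooling. The sample rows are constructed in the log's layout, with the last one invented to exercise the review path; the function names, the cookie-store file list and the list of removal results are assumptions.

```python
import csv
import io
import ntpath
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the Resident Shield export quoted in the
# thread: semicolon-delimited, every field double-quoted, header row first.
# The user name and profile folder are placeholders, and the last row is
# invented to exercise the "needs review" path.
SAMPLE_LOG = r'''
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.sqlite";"Healed";"18/10/2009, 09:57:44";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Weborama";"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.sqlite";"Moved to Virus Vault";"17/10/2009, 19:22:30";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Found Tracking cookie.Yadro";"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.sqlite";"Moved to Virus Vault";"17/10/2009, 12:57:05";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Example.Detection";"C:\Documents and Settings\user\Local Settings\Temp\sample.exe";"Moved to Virus Vault";"17/10/2009, 12:00:00";"file";"C:\WINDOWS\Explorer.EXE"
'''

COOKIE_PREFIX = "Found Tracking cookie."
# Assumption: file names treated as browser cookie stores. Only cookies.sqlite
# appears in the thread's log.
COOKIE_STORES = {"cookies.sqlite"}
# Assumption: result strings that mean the object was cleaned or quarantined.
REMOVAL_RESULTS = {"Healed", "Moved to Virus Vault"}
TIME_FORMAT = "%d/%m/%Y, %H:%M:%S"


def parse_resident_shield(text):
    """Return the export's rows as dicts keyed by the header names."""
    reader = csv.DictReader(io.StringIO(text.strip()), delimiter=";", quotechar='"')
    return [row for row in reader if row.get("Infection")]


def is_tracking_cookie(row):
    """True only when both the detection name and the flagged object say 'cookie'."""
    name_ok = row["Infection"].startswith(COOKIE_PREFIX)
    store_ok = ntpath.basename(row.get("Object") or "").lower() in COOKIE_STORES
    return name_ok and store_ok


def tracker_name(row):
    """Strip the fixed prefix, leaving the tracker family (e.g. 'Weborama')."""
    return row["Infection"][len(COOKIE_PREFIX):]


def triage(rows):
    """Split rows into per-tracker cookie counts and detections needing review."""
    cookies = Counter()
    review = []
    for row in rows:
        if is_tracking_cookie(row):
            cookies[tracker_name(row)] += 1
        else:
            review.append(row)
    return cookies, review


def recurring_after_removal(rows):
    """Trackers detected again after an earlier hit was already healed or vaulted."""
    cookie_rows = [r for r in rows if is_tracking_cookie(r)]
    cookie_rows.sort(key=lambda r: datetime.strptime(r["Detection time"], TIME_FORMAT))
    removed, recurring = set(), set()
    for row in cookie_rows:
        tracker = tracker_name(row)
        if tracker in removed:
            recurring.add(tracker)
        if row["Result"] in REMOVAL_RESULTS:
            removed.add(tracker)
    return sorted(recurring)


if __name__ == "__main__":
    rows = parse_resident_shield(SAMPLE_LOG)
    cookies, review = triage(rows)
    for tracker, hits in cookies.most_common():
        print(f"tracking cookie {tracker}: {hits} detection(s)")
    print("detected again after removal:", recurring_after_removal(rows))
    for row in review:
        print(f"REVIEW {row['Infection']} -> {row['Object']} ({row['Result']})")
```

A tracker listed as detected again after removal explains repeated Resident Shield pop-ups on browser start without implying the earlier cleanup failed; anything in the review list is what a helper would ask about next.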

#13 novice4

novice4
  • Topic Starter


Posted 20 October 2009 - 03:00 AM

Hi Sam,
My computer is still very, very slow on starting the Firefox browser.
When I double-click on the Firefox shortcut, the time it takes to load my home page is 4 mins.
I have got rid of add-ons like you said. Why is it taking so long to load? Also, it seems to hang sometimes when browsing.
Is it anything to do with too many startup programmes? Half of what is there I have no idea whether it is needed on startup (see below). Do I need to defrag? You mentioned also not enough memory!
Please help.
Thanks again.




"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "RDP Clip Monitor" "Microsoft Corporation" "c:\windows\system32\rdpclip.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
+ "C:\WINDOWS\system32\userinit.exe" "Userinit Logon Application" "Microsoft Corporation" "c:\windows\system32\userinit.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
+ "Explorer.exe" "Windows Explorer" "Microsoft Corporation" "c:\windows\explorer.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "AVG8_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgtray.exe"
+ "Dell QuickSet" "QuickSet MFC Application" "" "c:\program files\dell\quickset\quickset.exe"
+ "Malwarebytes Anti-Malware (reboot)" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbam.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
"C:\Documents and Settings\adie\Start Menu\Programs\Startup" "" "" ""
+ "Secunia PSI.lnk" "Secunia PSI" "Secunia" "c:\program files\secunia\psi\psi.exe"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
+ "C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe" "" "" "File not found: C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\comrepl.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
+ "Cisvc" "" "" "File not found: C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\cisvc.exe /waitservice"
+ "Mstsc" "" "" "File not found: C:\DOCUME~1\adie\APPLIC~1\mstsc.exe /waitservice"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
+ "Cisvc" "" "" "File not found: C:\DOCUME~1\adie\APPLIC~1\MICROS~1\cisvc.exe /waitservice"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ctfmon.exe" "CTF Loader" "Microsoft Corporation" "c:\windows\system32\ctfmon.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/octet-stream" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "application/x-complus" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "application/x-msdownload" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "Class Install Handler" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "deflate" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "gzip" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "lzdhtml" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "text/webviewhtml" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "about" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "cdl" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "dvd" "ActiveX control for streaming video" "Microsoft Corporation" "c:\windows\system32\msvidctl.dll"
+ "file" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "ftp" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "gopher" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "http" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "https" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "its" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\windows\system32\itss.dll"
+ "javascript" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8064.0206.dll"
+ "local" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "mailto" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "mhtml" "Microsoft Internet Messaging API" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "mk" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "ms-its" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\windows\system32\itss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8064.0206.dll"
+ "res" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "sysimage" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "tv" "ActiveX control for streaming video" "Microsoft Corporation" "c:\windows\system32\msvidctl.dll"
+ "vbscript" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "wia" "WIA Scripting Layer" "Microsoft Corporation" "c:\windows\system32\wiascr.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
+ "1" "" "" "File not found: http://www.ddbeautyproducts.com/"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Browser Customizations" "IEAK branding" "Microsoft Corporation" "c:\windows\system32\iedkcs32.dll"
+ "Fax" "ADVPACK" "Microsoft Corporation" "c:\windows\system32\advpack.dll"
+ "IE Tour Reset Stub" "ADVPACK" "Microsoft Corporation" "c:\windows\system32\advpack.dll"
+ "Internet Explorer" "IE Per-User Initialization Utility" "Microsoft Corporation" "c:\windows\system32\ie4uinit.exe"
+ "Internet Explorer" "IE Per-User Initialization Utility" "Microsoft Corporation" "c:\windows\system32\ie4uinit.exe"
+ "Internet Explorer Version Update" "IE Per User Active Setup Uninstall Utility" "Microsoft Corporation" "c:\windows\system32\ieudinit.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Windows Media Player" "ADVPACK" "Microsoft Corporation" "c:\windows\system32\advpack.dll"
+ "n/a" "Microsoft .NET IE SECURITY REGISTRATION" "Microsoft Corporation" "c:\windows\system32\mscories.dll"
+ "NetMeeting 3.01" "ADVPACK" "Microsoft Corporation" "c:\windows\system32\advpack.dll"
+ "Outlook Express" "Windows NT User Data Migration Tool" "Microsoft Corporation" "c:\windows\system32\shmgrate.exe"
+ "Themes Setup" "Windows Theme API" "Microsoft Corporation" "c:\windows\system32\themeui.dll"
+ "Windows Desktop Update" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Windows Media Player" "Microsoft Windows Media Player Setup Utility" "Microsoft Corporation" "c:\windows\inf\unregmp2.exe"
+ "Windows Messenger 4.7" "ADVPACK" "Microsoft Corporation" "c:\windows\system32\advpack.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "Browseui preloader" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Component Categories cache daemon" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "CDBurn" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "PostBootReminder" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "SysTray" "Systray shell service object" "Microsoft Corporation" "c:\windows\system32\stobject.dll"
+ "WebCheck" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WPDShServiceObj" "Windows Portable Device Shell Service Object" "Microsoft Corporation" "c:\windows\system32\wpdshserviceobj.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
+ "URL Exec Hook" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG8 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgse.dll"
+ "EPPShellEx" "" "SEIKO EPSON CORPORATION" "c:\program files\epson\creativity suite\easy photo print\eppshell.dll"
+ "LavasoftShellExt" "Shell Extension" "" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "Offline Files" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
+ "Open With" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Open With EncryptionMenu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Start Menu Pin" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Send To" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "CMenuExtender" "CMenuExtender" "Revenger inc." "c:\program files\icolorfolder\cmext.dll"
+ "EncryptionMenu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Offline Files" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "DfsShell Class" "Distributed File System shell extension" "Microsoft Corporation" "c:\windows\system32\dfsshlex.dll"
+ "Folder Customization Tab" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "IIS Shell Extension" "IIS W3ext Module" "Microsoft Corporation" "c:\windows\system32\inetsrv\w3ext.dll"
+ "Previous Versions Property Page" "Previous Versions property page" "Microsoft Corporation" "c:\windows\system32\twext.dll"
+ "Security Shell Extension" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "CDF" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "FileSystem" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla ftp client\fzshellext.dll"
+ "MyDocuments" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "Nokia" "Phone Browser" "Nokia" "c:\program files\nokia\nokia pc suite 7\phonebrowser.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "{24F14F01-7B1C-11d1-838f-0000F80461CF}" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "{24F14F02-7B1C-11d1-838f-0000F80461CF}" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "{66742402-F9B9-11D1-A202-0000F81FEDEE}" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG8 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgse.dll"
+ "LavasoftShellExt" "Shell Extension" "" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "New" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "nView" "NVIDIA Desktop Explorer, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Offline Files" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" "" "" ""
+ "%DESC_PublishDropTarget%" "Photo Printing Wizard" "Microsoft Corporation" "c:\windows\system32\photowiz.dll"
+ "&Address" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "&Links" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ ".CAB file viewer" "Cabinet File Viewer Shell Extension" "Microsoft Corporation" "c:\windows\system32\cabview.dll"
+ "Accessible" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "ActiveX Cache Folder" "Object Control Viewer" "Microsoft Corporation" "c:\windows\system32\occache.dll"
+ "Address Bar Parser" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Address EditBox" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Administrative Tools" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Audio Media Properties Handler" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "Augmented Shell Folder" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Augmented Shell Folder 2" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Auto Update Property Sheet Extension" "Automatic Updates Control Panel" "Microsoft Corporation" "c:\windows\system32\wuaucpl.cpl"
+ "AVG8 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgse.dll"
+ "Avi Properties Handler" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "BandProxy" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Briefcase" "Windows Briefcase" "Microsoft Corporation" "c:\windows\system32\syncui.dll"
+ "CDF Extension Copy Hook" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "CMenuExtender" "CMenuExtender" "Revenger inc." "c:\program files\icolorfolder\cmext.dll"
+ "Code Download Agent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Compatibility Page" "Compatibility Tab Shell Extension DLL" "Microsoft Corporation" "c:\windows\system32\slayerxp.dll"
+ "Compressed (zipped) Folder" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder Right Drag Handler" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder SendTo Target" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "ConnectionAgent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Crypto PKO Extension" "Crypto Shell Extensions" "Microsoft Corporation" "c:\windows\system32\cryptext.dll"
+ "Crypto Sign Extension" "Crypto Shell Extensions" "Microsoft Corporation" "c:\windows\system32\cryptext.dll"
+ "Custom MRU AutoCompleted List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Darwin App Publisher" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Desktop Explorer" "NVIDIA Desktop Explorer, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "Desktop Explorer Menu" "NVIDIA Desktop Explorer, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "DfsShell" "Distributed File System shell extension" "Microsoft Corporation" "c:\windows\system32\dfsshlex.dll"
+ "Directory Context Menu Verbs" "Directory Service Common UI" "Microsoft Corporation" "c:\windows\system32\dsuiext.dll"
+ "Directory Object Find" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Directory Property UI" "Directory Service Common UI" "Microsoft Corporation" "c:\windows\system32\dsuiext.dll"
+ "Directory Query UI" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Directory Start/Search Find" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Disk Copy Extension" "Windows DiskCopy" "Microsoft Corporation" "c:\windows\system32\diskcopy.dll"
+ "Disk Quota UI" "Windows Shell Disk Quota UI DLL" "Microsoft Corporation" "c:\windows\system32\dskquoui.dll"
+ "Display Adapter CPL Extension" "Advanced display adapter properties" "Microsoft Corporation" "c:\windows\system32\deskadp.dll"
+ "Display Monitor CPL Extension" "Advanced display monitor properties" "Microsoft Corporation" "c:\windows\system32\deskmon.dll"
+ "Display Panning CPL Extension" "" "" "File not found: deskpan.dll"
+ "Display TroubleShoot CPL Extension" "Advanced display performance properties" "Microsoft Corporation" "c:\windows\system32\deskperf.dll"
+ "Download Status" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "DS Security Page" "Directory Service Security UI" "Microsoft Corporation" "c:\windows\system32\dssec.dll"
+ "E-mail" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Explorer Band" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Extensions Manager Folder" "Extensions Manager" "Microsoft Corporation" "c:\windows\system32\extmgr.dll"
+ "Favorites Band" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Fonts" "Windows Font Folder" "Microsoft Corporation" "c:\windows\system32\fontext.dll"
+ "Fonts" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "For &People..." "Find People" "Microsoft Corporation" "c:\program files\outlook express\wabfind.dll"
+ "FTP Folders Webview" "Microsoft Internet Explorer FTP Folder Shell Extension" "Microsoft Corporation" "c:\windows\system32\msieftp.dll"
+ "Fusion Cache" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "GDI+ file thumbnail extractor" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "Get a Passport Wizard" "Map Network Drives/Network Places Wizard" "Microsoft Corporation" "c:\windows\system32\netplwiz.dll"
+ "Global Folder Settings" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Help and Support" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Help and Support" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "History" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "History Band" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "HTML Document" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "HTML Thumbnail Extractor" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "HyperTerminal Icon Ext" "HyperTerminal Applet Library" "Hilgraeve, Inc." "c:\windows\system32\hticons.dll"
+ "ICC Profile" "Microsoft Color Matching System User Interface DLL" "Microsoft Corporation" "c:\windows\system32\icmui.dll"
+ "ICM Monitor Management" "Microsoft Color Matching System User Interface DLL" "Microsoft Corporation" "c:\windows\system32\icmui.dll"
+ "ICM Printer Management" "Microsoft Color Matching System User Interface DLL" "Microsoft Corporation" "c:\windows\system32\icmui.dll"
+ "ICM Scanner Management" "Microsoft Color Matching System User Interface DLL" "Microsoft Corporation" "c:\windows\system32\icmui.dll"
+ "IE AutoComplete" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE BandProxy" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Custom MRU AutoCompleted List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Fade Task" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE History and Feeds Shell Data Source for Windows Search" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE IShellFolderBand" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Band" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Desk Bar" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Site" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft BrowserBand" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft History AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft Multiple AutoComplete List Container" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft Shell Folder AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE MRU AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Navigation Bar" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Registry Tree Options Utility" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE RSS Feeder Folder" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Search Band" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Shell Band Site Menu" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Shell Rebar BandSite" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Tracking Shell Menu" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE4 Suite Splash Screen" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "IIS Shell Extension" "IIS W3ext Module" "Microsoft Corporation" "c:\windows\system32\inetsrv\w3ext.dll"
+ "In-pane search" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Installed Apps Enumerator" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Internet" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Internet Name Space" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "InternetShortcut" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "ISFBand OC" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Microsoft Agent Character Property Sheet Handler" "Microsoft Agent Property Sheet Handler" "Microsoft Corporation" "c:\windows\msagent\agentpsh.dll"
+ "Microsoft Browser Architecture" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Microsoft BrowserBand" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Data Link" "Microsoft Data Access - OLE DB Core Services" "Microsoft Corporation" "c:\program files\common files\system\ole db\oledb32.dll"
+ "Microsoft DocProp Inplace Calendar Control" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft DocProp Inplace Droplist Combo Control" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft DocProp Inplace Edit Box Control" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft DocProp Inplace ML Edit Box Control" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft DocProp Inplace Time Control" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft DocProp Shell Ext" "Microsoft DocProp Shell Ext" "Microsoft Corporation" "c:\windows\system32\docprop2.dll"
+ "Microsoft History AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Internet Toolbar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Multiple AutoComplete List Container" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Shell Folder AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Url History Service" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft Url Search Hook" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft Web Browser" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft.XPS.Shell.Metadata.1" "Package Document Shell Extension Handler" "Microsoft Corporation" "c:\windows\system32\xpsshhdr.dll"
+ "Microsoft.XPS.Shell.Thumbnail.1" "Package Document Shell Extension Handler" "Microsoft Corporation" "c:\windows\system32\xpsshhdr.dll"
+ "Midi Properties Handler" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "MMC Icon Handler" "MMC Shell Extension DLL" "Microsoft Corporation" "c:\windows\system32\mmcshext.dll"
+ "MRU AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "MSHTML Document" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "Multimedia File Property Sheet" "Control Panel Drivers Applet" "Microsoft Corporation" "c:\windows\system32\mmsys.cpl"
+ "MyDocs Copy Hook" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "MyDocs Drop Target" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "MyDocs Properties" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "Network Connections" "Network Connections Shell" "Microsoft Corporation" "c:\windows\system32\netshell.dll"
+ "Network Connections" "Network Connections Shell" "Microsoft Corporation" "c:\windows\system32\netshell.dll"
+ "Nokia Phone Browser" "Phone Browser" "Nokia" "c:\program files\nokia\nokia pc suite 7\phonebrowser.dll"
+ "NTFS Security Page" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "nView Desktop Context Menu" "NVIDIA Desktop Explorer, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "Office Document Property Handler" "Microsoft Property System" "Microsoft Corporation" "c:\windows\system32\propsys.dll"
+ "Offline Files Folder" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
+ "Offline Files Folder Options" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
+ "Offline Files Menu" "Client Side Caching UI" "Microsoft Corporation" "c:\windows\system32\cscui.dll"
+ "OLE Docfile Property Page" "OLE DocFile Property Page" "Microsoft Corporation" "c:\windows\system32\docprop.dll"
+ "OpenOffice.org Column Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Infotip Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Property Sheet Handler" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "OpenOffice.org Thumbnail Viewer" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
+ "PlusPack CPL Extension" "Windows Theme API" "Microsoft Corporation" "c:\windows\system32\themeui.dll"
+ "Portable Devices" "Portable Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\wpdshext.dll"
+ "Portable Devices Menu" "Portable Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\wpdshext.dll"
+ "Portable Media Devices" "Portable Media Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\audiodev.dll"
+ "PostAgent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Previous Versions" "Previous Versions property page" "Microsoft Corporation" "c:\windows\system32\twext.dll"
+ "Previous Versions Property Page" "Previous Versions property page" "Microsoft Corporation" "c:\windows\system32\twext.dll"
+ "Print Ordering via the Web" "Map Network Drives/Network Places Wizard" "Microsoft Corporation" "c:\windows\system32\netplwiz.dll"
+ "Printers Security Page" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "Registry Tree Options Utility" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Remote Sessions CPL Extension" "Remote Sessions CPL Extension" "Microsoft Corporation" "c:\windows\system32\remotepg.dll"
+ "Run..." "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Scanners & Cameras" "Imaging Devices Shell Folder UI" "Microsoft Corporation" "c:\windows\system32\wiashext.dll"
+ "Scanners & Cameras" "Imaging Devices Shell Folder UI" "Microsoft Corporation" "c:\windows\system32\wiashext.dll"
+ "Scanners & Cameras" "Imaging Devices Shell Folder UI" "Microsoft Corporation" "c:\windows\system32\wiashext.dll"
+ "Scanners & Cameras" "Imaging Devices Shell Folder UI" "Microsoft Corporation" "c:\windows\system32\wiashext.dll"
+ "Scanners & Cameras" "Imaging Devices Shell Folder UI" "Microsoft Corporation" "c:\windows\system32\wiashext.dll"
+ "Scheduled Tasks" "Task Scheduler interface DLL" "Microsoft Corporation" "c:\windows\system32\mstask.dll"
+ "Search" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Search Assistant OC" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Sendmail service" "Send Mail" "Microsoft Corporation" "c:\windows\system32\sendmail.dll"
+ "Sendmail service" "Send Mail" "Microsoft Corporation" "c:\windows\system32\sendmail.dll"
+ "Set Program Access and Defaults" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Shell Application Manager" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Shell Automation Inproc Service" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Shell Band Site Menu" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell DeskBar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell DeskBarApp" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell DocObject Viewer" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Shell extensions for Microsoft Windows Network objects" "Network object shell UI" "Microsoft Corporation" "c:\windows\system32\ntlanui2.dll"
+ "Shell extensions for sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "Shell extensions for sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "Shell extensions for Windows Script Host" "Microsoft ® Shell Extension for Windows Script Host" "Microsoft Corporation" "c:\windows\system32\wshext.dll"
+ "Shell Icon Handler for Application References" "Application Deployment Support Library" "Microsoft Corporation" "c:\windows\system32\dfshim.dll"
+ "Shell Image Data Factory" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "Shell Image Property Handler" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "Shell Image Verbs" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "Shell Microsoft AutoComplete" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell properties for a DS object" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Shell Publishing Wizard Object" "Map Network Drives/Network Places Wizard" "Microsoft Corporation" "c:\windows\system32\netplwiz.dll"
+ "Shell Rebar BandSite" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell Scrap DataHandler" "Shell scrap object handler" "Microsoft Corporation" "c:\windows\system32\shscrap.dll"
+ "Shell Search Band" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "ShellLink for Application References" "Application Deployment Support Library" "Microsoft Corporation" "c:\windows\system32\dfshim.dll"
+ "Subscription Folder" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Subscription Mgr" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Summary Info Thumbnail handler (DOCFILES)" "Windows Picture and Fax Viewer" "Microsoft Corporation" "c:\windows\system32\shimgvw.dll"
+ "Taskbar and Start Menu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Tasks Folder Icon Handler" "Task Scheduler interface DLL" "Microsoft Corporation" "c:\windows\system32\mstask.dll"
+ "Tasks Folder Shell Extension" "Task Scheduler interface DLL" "Microsoft Corporation" "c:\windows\system32\mstask.dll"
+ "Temporary Internet Files" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Temporary Internet Files" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "The Internet" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Track Popup Bar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "TrayAgent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "TridentImageExtractor" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "User Accounts" "Map Network Drives/Network Places Wizard" "Microsoft Corporation" "c:\windows\system32\netplwiz.dll"
+ "User Assist" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Video Media Properties Handler" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "Video Thumbnail Extractor" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "Wav Properties Handler" "Media File Property Extractor Shell Extension" "Microsoft Corporation" "c:\windows\system32\shmedia.dll"
+ "Web Folders" "Windows executable" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\msonsext.dll"
+ "Web Printer Shell Extension" "Print UI DLL" "Microsoft Corporation" "c:\windows\system32\printui.dll"
+ "Web Publishing Wizard" "Map Network Drives/Network Places Wizard" "Microsoft Corporation" "c:\windows\system32\netplwiz.dll"
+ "Web Search" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "WebCheck" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WebCheck SyncMgr Handler" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WebCheckChannelAgent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WebCheckWebCrawler" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Windows Desktop Search" "Windows Search Results View" "Microsoft Corporation" "c:\program files\windows desktop search\msnlext.dll"
+ "Windows Live Photo Gallery Autoplay Drop Target Shim" "Windows Live Drop Target Shim" "Microsoft Corporation" "c:\program files\windows live\photo gallery\photoviewershim.dll"
+ "Windows Live Photo Gallery Editor Drop Target Shim" "Windows Live Drop Target Shim" "Microsoft Corporation" "c:\program files\windows live\photo gallery\photoviewershim.dll"
+ "Windows Live Photo Gallery Viewer Autoplay Shim" "Windows Live Drop Target Shim" "Microsoft Corporation" "c:\program files\windows live\photo gallery\photoviewershim.dll"
+ "Windows Live Photo Gallery Viewer Drop Target Shim" "Windows Live Drop Target Shim" "Microsoft Corporation" "c:\program files\windows live\photo gallery\photoviewershim.dll"
+ "Windows Media Player Add to Playlist Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Burn Audio CD Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Play as Playlist Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Search Deskbar" "Windows Search Deskbar extension" "Microsoft Corporation" "c:\program files\windows desktop search\deskbar.dll"
+ "WinRAR shell extension" "" "" "c:\program files\winrar\rarext.dll"
+ "WLMD Message Handler" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgssie.dll"
+ "ContributeBHO Class" "Contribute IE Plugin" "Adobe Systems Incorporated." "c:\program files\adobe\adobe contribute cs4\contributeieplugin.dll"
+ "Download Guard for Internet Explorer" "Enables Ad-Aware scanning for IE" "Lavasoft AB" "c:\program files\lavasoft\download guard for internet explorer\downloadguardbho.dll"
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "Skype add-on (mastermind)" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Microsoft Url Search Hook" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll"
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Diagnose Connection Problems..." "Network Diagnostic for Windows XP" "Microsoft Corporation" "c:\windows\network diagnostic\xpnetdiag.exe"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "Ad-Aware Admin Application" "Lavasoft" "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JkDefrag.job" "" "" "File not found: C:\Documents and Settings\adie\Desktop\JkDefrag.exe"
+ "Scheduled Update for Ask Toolbar.job" "" "" "File not found: C:\Program Files\Ask.com\UpdateTask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Adobe Version Cue CS4" "Adobe Version Cue CS4" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe"
+ "ALG" "Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall." "Microsoft Corporation" "c:\windows\system32\alg.exe"
X "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
+ "aspnet_state" "Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe"
+ "AudioSrv" "Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\audiosrv.dll"
+ "avg8emc" "AVG E-Mail Scanner" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgemc.exe"
+ "avg8wd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgwdsvc.exe"
+ "BITS" "Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled." "Microsoft Corporation" "c:\windows\system32\qmgr.dll"
X "Bonjour Service" "Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser" "Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\browser.dll"
X "C-DillaSrv" "C-Dilla RTS Service" "C-Dilla Ltd" "c:\windows\system32\drivers\cdantsrv.exe"
X "cisvc" "Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language." "Microsoft Corporation" "c:\windows\system32\cisvc.exe"
+ "clr_optimization_v2.0.50727_32" "Microsoft .NET Framework NGEN" "Microsoft Corporation" "c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe"
+ "CryptSvc" "Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\cryptsvc.dll"
+ "DcomLaunch" "Provides launch functionality for DCOM services." "Microsoft Corporation" "c:\windows\system32\rpcss.dll"
+ "Dhcp" "Manages network configuration by registering and updating IP addresses and DNS names." "Microsoft Corporation" "c:\windows\system32\dhcpcsvc.dll"
+ "dmadmin" "Configures hard disk drives and volumes. The service only runs for configuration processes and then stops." "Microsoft Corp., Veritas Software" "c:\windows\system32\dmadmin.exe"
+ "dmserver" "Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corp." "c:\windows\system32\dmserver.dll"
+ "Dnscache" "Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dnsrslvr.dll"
+ "Dot3svc" "This service performs IEEE 802.1X authentication on Ethernet interfaces" "Microsoft Corporation" "c:\windows\system32\dot3svc.dll"
+ "EapHost" "Provides windows clients Extensible Authentication Protocol Service" "Microsoft Corporation" "c:\windows\system32\eapsvc.dll"
+ "Eventlog" "Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." "Microsoft Corporation" "c:\windows\system32\services.exe"
+ "EventSystem" "Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\es.dll"
+ "FastUserSwitchingCompatibility" "Provides management for applications that require assistance in a multiple user environment." "Microsoft Corporation" "c:\windows\system32\shsvcs.dll"
+ "Fax" "Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network." "Microsoft Corporation" "c:\windows\system32\fxssvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "FontCache3.0.0.0" "Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications." "Microsoft Corporation" "c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "FTRTSVC" "Allow protected access to routing table" "France Telecom SA" "c:\program files\common files\france telecom\shared modules\ftrtsvc\0\ftrtsvc.exe"
+ "gupdate1c98a0a4221bac0" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "helpsvc" "Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\pchealth\helpctr\binaries\pchsvc.dll"
+ "hkmsvc" "Manages health certificates and keys (used by NAP)" "Microsoft Corporation" "c:\windows\system32\kmsvc.dll"
+ "HTTPFilter" "This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\w3ssl.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "idsvc" "Securely enables the creation, management, and disclosure of digital identities." "Microsoft Corporation" "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe"
+ "IISADMIN" "Allows administration of Web and FTP services through the Internet Information Services snap-in" "Microsoft Corporation" "c:\windows\system32\inetsrv\inetinfo.exe"
+ "ImapiService" "Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\imapi.exe"
+ "lanmanserver" "Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\srvsvc.dll"
+ "lanmanworkstation" "Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wkssvc.dll"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "LmHosts" "Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution." "Microsoft Corporation" "c:\windows\system32\lmhsvc.dll"
+ "LPDSVC" "Provides a TCP/IP-based printing service that uses the Line Printer protocol." "Microsoft Corporation" "c:\windows\system32\tcpsvcs.exe"
+ "McciCMService" "mcci+McciCMService" "Motive Communications, Inc." "c:\program files\common files\motive\mccicmservice.exe"
+ "MSDTC" "Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. " "Microsoft Corporation" "c:\windows\system32\msdtc.exe"
+ "MSIServer" "Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\msiexec.exe"
+ "napagent" "Allows windows clients to participate in Network Access Protection" "Microsoft Corporation" "c:\windows\system32\qagentrt.dll"
+ "Netlogon" "Supports pass-through authentication of account logon events for computers in a domain." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "Netman" "Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections." "Microsoft Corporation" "c:\windows\system32\netman.dll"
+ "NetSvc" "NetSvc Module" "Intel® Corporation" "c:\program files\intel\ncs\sync\netsvc.exe"
+ "Nla" "Collects and stores network configuration and location information, and notifies applications when this information changes." "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "NtmsSvc" "Removable Storage Manager" "Microsoft Corporation" "c:\windows\system32\ntmssvc.dll"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "PLFlash DeviceIoControl Service" "PLFlash DeviceIoControl Service" "Prolific Technology Inc." "c:\windows\system32\ioctlsvc.exe"
+ "PlugPlay" "Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." "Microsoft Corporation" "c:\windows\system32\services.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "PolicyAgent" "Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "ProtectedStorage" "Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "RasAuto" "Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address." "Microsoft Corporation" "c:\windows\system32\rasauto.dll"
+ "RasMan" "Creates a network connection." "Microsoft Corporation" "c:\windows\system32\rasmans.dll"
+ "RDSessMgr" "Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box." "Microsoft Corporation" "c:\windows\system32\sessmgr.exe"
+ "RegSrvc" "RegSrvc Module" "Intel Corporation" "c:\windows\system32\regsrvc.exe"
+ "RpcLocator" "Manages the RPC name service database." "Microsoft Corporation" "c:\windows\system32\locator.exe"
+ "RpcSs" "Provides the endpoint mapper and other miscellaneous RPC services." "Microsoft Corporation" "c:\windows\system32\rpcss.dll"
+ "S24EventMonitor" "Event Monitor - Supports driver extensions to NIC Driver for wireless adapters." "Intel Corporation " "c:\windows\system32\s24evmon.exe"
+ "SamSs" "Stores security information for local user accounts." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "SCardSvr" "Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\scardsvr.exe"
+ "Schedule" "Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\schedsvc.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"
+ "seclogon" "Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\seclogon.dll"
+ "SENS" "Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events." "Microsoft Corporation" "c:\windows\system32\sens.dll"
+ "ServiceLayer" "ServiceLayer Module" "Nokia." "c:\program files\pc connectivity solution\servicelayer.exe"
+ "SharedAccess" "Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." "Microsoft Corporation" "c:\windows\system32\ipnathlp.dll"
+ "ShellHWDetection" "Windows Shell Services Dll" "Microsoft Corporation" "c:\windows\system32\shsvcs.dll"
+ "SMTPSVC" "Transports electronic mail across the network" "Microsoft Corporation" "c:\windows\system32\inetsrv\inetinfo.exe"
+ "SNMP" "Includes agents that monitor the activity in network devices and report to the network console workstation." "Microsoft Corporation" "c:\windows\system32\snmp.exe"
+ "SNMPTRAP" "Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer." "Microsoft Corporation" "c:\windows\system32\snmptrap.exe"
+ "Spooler" "Loads files to memory for later printing." "Microsoft Corporation" "c:\windows\system32\spoolsv.exe"
+ "srservice" "Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties" "Microsoft Corporation" "c:\windows\system32\srsvc.dll"
+ "SSDPSRV" "Enables discovery of UPnP devices on your home network." "Microsoft Corporation" "c:\windows\system32\ssdpsrv.dll"
+ "stisvc" "Provides image acquisition services for scanners and cameras." "Microsoft Corporation" "c:\windows\system32\wiaservc.dll"
+ "SwPrv" "Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dllhost.exe"
+ "TapiSrv" "Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service." "Microsoft Corporation" "c:\windows\system32\tapisrv.dll"
+ "TermService" "Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server." "Microsoft Corporation" "c:\windows\system32\termsrv.dll"
+ "Themes" "Provides user experience theme management." "Microsoft Corporation" "c:\windows\system32\shsvcs.dll"
+ "TrkWks" "Maintains links between NTFS files within a computer or across computers in a network domain." "Microsoft Corporation" "c:\windows\system32\trkwks.dll"
+ "upnphost" "Provides support to host Universal Plug and Play devices." "Microsoft Corporation" "c:\windows\system32\upnphost.dll"
+ "UPS" "Manages an uninterruptible power supply (UPS) connected to the computer." "Microsoft Corporation" "c:\windows\system32\ups.exe"
+ "Viewpoint Service" "Ensures Viewpoint 3D and Rich Media Technologies are up to date" "Viewpoint Corporation" "c:\program files\viewpoint\common\viewpointservice.exe"
+ "VSS" "Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\vssvc.exe"
+ "W32Time" "Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\w32time.dll"
+ "W3SVC" "Provides Web connectivity and administration through the Internet Information Services snap-in" "Microsoft Corporation" "c:\windows\system32\inetsrv\inetinfo.exe"
+ "WebClient" "Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\webclnt.dll"
+ "winmgmt" "Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wbem\wmisvc.dll"
+ "WLTRYSVC" "" "" "c:\windows\system32\wltrysvc.exe"
+ "Wmi" "Provides systems management information to and from drivers." "Microsoft Corporation" "c:\windows\system32\advapi32.dll"
+ "WmiApSrv" "Provides performance library information from WMI HiPerf providers." "Microsoft Corporation" "c:\windows\system32\wbem\wmiapsrv.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "wscsvc" "Monitors system security settings and configurations." "Microsoft Corporation" "c:\windows\system32\wscsvc.dll"
+ "wuauserv" "Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site." "Microsoft Corporation" "c:\windows\system32\wuauserv.dll"
+ "WudfSvc" "Manages user-mode driver host processes" "Microsoft Corporation" "c:\windows\system32\wudfsvc.dll"
+ "WZCSVC" "Provides automatic configuration for the 802.11 adapters" "Microsoft Corporation" "c:\windows\system32\wzcsvc.dll"
+ "xmlprov" "Manages XML configuration files on a domain basis for automatic network provisioning." "Microsoft Corporation" "c:\windows\system32\xmlprov.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACPI" "ACPI Driver for NT" "Microsoft Corporation" "c:\windows\system32\drivers\acpi.sys"
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys"
+ "aec" "Microsoft Acoustic Echo Canceller" "Microsoft Corporation" "c:\windows\system32\drivers\aec.sys"
+ "Afc" "Arcsoft® ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "AFD" "AFD Networking Support Environment" "Microsoft Corporation" "c:\windows\system32\drivers\afd.sys"
+ "agp440" "440 NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\agp440.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "Arp1394" "1394 ARP Client Protocol" "Microsoft Corporation" "c:\windows\system32\drivers\arp1394.sys"
+ "AsyncMac" "RAS Asynchronous Media Driver" "Microsoft Corporation" "c:\windows\system32\drivers\asyncmac.sys"
+ "atapi" "IDE/ATAPI Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\atapi.sys"
+ "Atmarpc" "ATM ARP Client Protocol" "Microsoft Corporation" "c:\windows\system32\drivers\atmarpc.sys"
+ "audstub" "AudStub Driver" "Microsoft Corporation" "c:\windows\system32\drivers\audstub.sys"
+ "AVG Anti-Rootkit" "" "" "File not found: System32\DRIVERS\avgarkt.sys"
+ "AvgArCln" "" "" "File not found: System32\DRIVERS\AvgArCln.sys"
+ "AvgLdx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "AvgMfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "AvgTdiX" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "awbx3spx" "IDE/ATAPI Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\awbx3spx.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Beep" "BEEP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\beep.sys"
+ "Bridge" "MAC Bridge Driver" "Microsoft Corporation" "c:\windows\system32\drivers\bridge.sys"
+ "BridgeMP" "MAC Bridge Driver" "Microsoft Corporation" "c:\windows\system32\drivers\bridge.sys"
+ "bvrp_pci" "" "" "c:\windows\system32\drivers\bvrp_pci.sys"
+ "C-Dilla" "C-Dilla Windows NT RTS" "Macrovision" "c:\windows\system32\drivers\cdant.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\adie\LOCALS~1\Temp\catchme.sys"
+ "CCDECODE" "WDM Closed Caption VBI Codec" "Microsoft Corporation" "c:\windows\system32\drivers\ccdecode.sys"
+ "Cdaudio" "CD-ROM Audio Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\cdaudio.sys"
+ "Cdrom" "SCSI CD-ROM Driver" "Microsoft Corporation" "c:\windows\system32\drivers\cdrom.sys"
+ "Changer" "SCSI CD-ROM Driver" "Microsoft Corporation" "c:\windows\system32\drivers\changer.sys"
+ "CmBatt" "Control Method Battery Driver" "Microsoft Corporation" "c:\windows\system32\drivers\cmbatt.sys"
+ "Compbatt" "Composite Battery Driver" "Microsoft Corporation" "c:\windows\system32\drivers\compbatt.sys"
+ "cpuz132" "" "" "File not found: F:\Liberkey\LiberKey\Apps\PCWizard\App\PCWizard\pcwiz32.sys"
+ "DCamUSBSQTECH" "Universal Serial Bus Camera Driver" "Service & Quality Technology." "c:\windows\system32\drivers\sqcaptur.sys"
+ "DevUpper" "tiumflt.sys" "Texas Instruments Inc." "c:\windows\system32\drivers\tiumflt.sys"
+ "Disk" "PnP Disk Driver" "Microsoft Corporation" "c:\windows\system32\drivers\disk.sys"
+ "DMusic" "Microsoft Kernel DLS Synthesizer" "Microsoft Corporation" "c:\windows\system32\drivers\dmusic.sys"
+ "drmkaud" "Microsoft Kernel DRM Audio Descrambler Filter" "Microsoft Corporation" "c:\windows\system32\drivers\drmkaud.sys"
+ "Fdc" "Floppy Disk Controller Driver" "Microsoft Corporation" "c:\windows\system32\drivers\fdc.sys"
+ "Fips" "FIPS Crypto Driver" "Microsoft Corporation" "c:\windows\system32\drivers\fips.sys"
+ "Flpydisk" "Floppy Driver" "Microsoft Corporation" "c:\windows\system32\drivers\flpydisk.sys"
+ "FltMgr" "File System Filter Manager Driver" "Microsoft Corporation" "c:\windows\system32\drivers\fltmgr.sys"
+ "fssfltr" "Family Safety Filter Driver (TDI)" "Microsoft Corporation" "c:\windows\system32\drivers\fssfltr_tdi.sys"
+ "Ftdisk" "FT Disk Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ftdisk.sys"
+ "Gpc" "Generic Packet Classifier" "Microsoft Corporation" "c:\windows\system32\drivers\msgpc.sys"
+ "GTICARD" "Texas Instruments GemCore IFD Handler" "Texas Instruments" "c:\windows\system32\drivers\gticard.sys"
+ "gv3" "Processor Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\gv3.sys"
+ "HidUsb" "USB Miniport Driver for Input Devices" "Microsoft Corporation" "c:\windows\system32\drivers\hidusb.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwich.sys"
+ "HTTP" "This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\drivers\http.sys"
+ "i2omgmt" "I2O Utility Filter" "Microsoft Corporation" "c:\windows\system32\drivers\i2omgmt.sys"
+ "i8042prt" "i8042 Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\i8042prt.sys"
+ "Imapi" "IMAPI Kernel Driver" "Microsoft Corporation" "c:\windows\system32\drivers\imapi.sys"
+ "IntelIde" "Intel PCI IDE Driver" "Microsoft Corporation" "c:\windows\system32\drivers\intelide.sys"
+ "intelppm" "Processor Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\intelppm.sys"
+ "ip6fw" "Provides intrusion prevention service for a home or small office network." "Microsoft Corporation" "c:\windows\system32\drivers\ip6fw.sys"
+ "IpFilterDriver" "IP Traffic Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ipfltdrv.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ipinip.sys"
+ "IpNat" "IP Network Address Translator" "Microsoft Corporation" "c:\windows\system32\drivers\ipnat.sys"
+ "IPSec" "IPSEC driver" "Microsoft Corporation" "c:\windows\system32\drivers\ipsec.sys"
+ "IRENUM" "Infra-Red Bus Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\irenum.sys"
+ "irglpc" "" "" "File not found: system32\drivers\qtji.sys"
+ "isapnp" "PNP ISA Bus Driver" "Microsoft Corporation" "c:\windows\system32\drivers\isapnp.sys"
+ "Kbdclass" "Keyboard Class Driver" "Microsoft Corporation" "c:\windows\system32\drivers\kbdclass.sys"
+ "kmixer" "Kernel Mode Audio Mixer" "Microsoft Corporation" "c:\windows\system32\drivers\kmixer.sys"
+ "KSecDD" "Kernel Security Support Provider Interface" "Microsoft Corporation" "c:\windows\system32\drivers\ksecdd.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "Toshiba Libretto floppy controller" "Toshiba Corp." "c:\windows\system32\drivers\lbrtfdc.sys"
+ "MDC8021X" "AEGIS Protocol (IEEE 802.1x) v2.2.1.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\mdc8021x.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "mnmdd" "Frame buffer simulator" "Microsoft Corporation" "c:\windows\system32\drivers\mnmdd.sys"
+ "Modem" "Modem Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\modem.sys"
+ "Mouclass" "Mouse Class Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mouclass.sys"
+ "mouhid" "HID Mouse Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mouhid.sys"
+ "MountMgr" "Mount Manager" "Microsoft Corporation" "c:\windows\system32\drivers\mountmgr.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MREMP50a64" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS"
+ "MREMPR5" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"
+ "MRENDIS5" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mresp50.sys"
+ "MRESP50a64" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS"
+ "MRxDAV" "WebDav Client Redirector" "Microsoft Corporation" "c:\windows\system32\drivers\mrxdav.sys"
+ "MRxSmb" "MRXSMB" "Microsoft Corporation" "c:\windows\system32\drivers\mrxsmb.sys"
+ "Msfs" "Mailslot driver" "Microsoft Corporation" "c:\windows\system32\drivers\msfs.sys"
+ "MSKSSRV" "MS KS Server" "Microsoft Corporation" "c:\windows\system32\drivers\mskssrv.sys"
+ "MSPCLOCK" "MS Proxy Clock" "Microsoft Corporation" "c:\windows\system32\drivers\mspclock.sys"
+ "MSPQM" "MS Proxy Quality Manager" "Microsoft Corporation" "c:\windows\system32\drivers\mspqm.sys"
+ "mssmbios" "System Management BIOS Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mssmbios.sys"
+ "MSTEE" "WDM Tee/Communication Transform Filter " "Microsoft Corporation" "c:\windows\system32\drivers\mstee.sys"
+ "Mup" "Multiple UNC Provider driver" "Microsoft Corporation" "c:\windows\system32\drivers\mup.sys"
+ "NABTSFEC" "WDM NABTS/FEC VBI Codec" "Microsoft Corporation" "c:\windows\system32\drivers\nabtsfec.sys"
+ "NAL" "Intel® Network Adapter Diagnostic Driver" "Intel Corporation " "c:\windows\system32\drivers\iqvw32.sys"
+ "NDIS" "NDIS 5.1 wrapper driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndis.sys"
+ "NdisIP" "Microsoft IP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndisip.sys"
+ "NdisTapi" "Remote Access NDIS TAPI Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndistapi.sys"
+ "Ndisuio" "NDIS Usermode I/O Protocol" "Microsoft Corporation" "c:\windows\system32\drivers\ndisuio.sys"
+ "NdisWan" "Remote Access NDIS WAN Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndiswan.sys"
+ "NDProxy" "NDIS Proxy" "Microsoft Corporation" "c:\windows\system32\drivers\ndproxy.sys"
+ "NetBIOS" "NetBIOS Interface" "Microsoft Corporation" "c:\windows\system32\drivers\netbios.sys"
+ "NetBT" "NetBios over Tcpip" "Microsoft Corporation" "c:\windows\system32\drivers\netbt.sys"
+ "NIC1394" "IEEE1394 Ndis Miniport and Call Manager" "Microsoft Corporation" "c:\windows\system32\drivers\nic1394.sys"
+ "nmwcd" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmb.sys"
+ "nmwcdc" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbo.sys"
+ "Npfs" "NPFS Driver" "Microsoft Corporation" "c:\windows\system32\drivers\npfs.sys"
+ "NSNDIS5" "" "" "File not found: C:\WINDOWS\System32\Drivers\NSNDIS5.sys"
+ "ntiomin" "" "" "File not found: C:\WINDOWS\System32\Drivers\ntiomin.sys"
+ "Null" "NULL Driver" "Microsoft Corporation" "c:\windows\system32\drivers\null.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 53.82 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "Microsoft Corporation" "c:\windows\system32\drivers\nwlnkfwd.sys"
+ "ohci1394" "1394 OpenHCI Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ohci1394.sys"
+ "OMCI" "OMCI Device Driver" "Dell Inc" "c:\windows\system32\drivers\omci.sys"
+ "Parport" "Parallel Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\parport.sys"
+ "PartMgr" "Partition Manager" "Microsoft Corporation" "c:\windows\system32\drivers\partmgr.sys"
+ "ParVdm" "VDM Parallel Driver" "Microsoft Corporation" "c:\windows\system32\drivers\parvdm.sys"
+ "PCAMPR5" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\pcampr5.sys"
+ "PCANDIS5" "PCAUSA NDIS 5.0 Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\pcandis5.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfd.sys"
+ "PCI" "NT Plug and Play PCI Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\pci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PCIIde" "Generic PCI IDE Bus Driver" "Microsoft Corporation" "c:\windows\system32\drivers\pciide.sys"
+ "Pcmcia" "PCMCIA Bus Driver" "Microsoft Corporation" "c:\windows\system32\drivers\pcmcia.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PptpMiniport" "WAN Miniport (PPTP)" "Microsoft Corporation" "c:\windows\system32\drivers\raspptp.sys"
+ "Processor" "Processor Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\processr.sys"
+ "PSched" "QoS Packet Scheduler" "Microsoft Corporation" "c:\windows\system32\drivers\psched.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RasAcd" "Remote Access Auto Connection Driver" "Microsoft Corporation" "c:\windows\system32\drivers\rasacd.sys"
+ "Rasl2tp" "WAN Miniport (L2TP)" "Microsoft Corporation" "c:\windows\system32\drivers\rasl2tp.sys"
+ "RasPppoe" "Remote Access PPPOE Driver" "Microsoft Corporation" "c:\windows\system32\drivers\raspppoe.sys"
+ "Raspti" "Direct Parallel" "Microsoft Corporation" "c:\windows\system32\drivers\raspti.sys"
+ "Rdbss" "Rdbss" "Microsoft Corporation" "c:\windows\system32\drivers\rdbss.sys"
+ "RDPCDD" "RDP Miniport" "Microsoft Corporation" "c:\windows\system32\drivers\rdpcdd.sys"
+ "rdpdr" "Microsoft RDP Device redirector" "Microsoft Corporation" "c:\windows\system32\drivers\rdpdr.sys"
+ "RDPWD" "RDP Terminal Stack Driver (US/Canada Only, Not for Export)" "Microsoft Corporation" "c:\windows\system32\drivers\rdpwd.sys"
+ "redbook" "Redbook Audio Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\redbook.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "SuperAntiSpyware" "SuperAdBlocker, Inc." "c:\program files\superantispyware\sasenum.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "serenum" "Serial Port Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\serenum.sys"
+ "Serial" "Serial Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\serial.sys"
+ "Sfloppy" "SCSI Floppy Driver" "Microsoft Corporation" "c:\windows\system32\drivers\sfloppy.sys"
+ "SLIP" "Microsoft Slip Deframing Filter Minidriver" "Microsoft Corporation" "c:\windows\system32\drivers\slip.sys"
+ "splitter" "Microsoft Kernel Audio Splitter" "Microsoft Corporation" "c:\windows\system32\drivers\splitter.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "sr" "System Restore Filesystem Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\sr.sys"
+ "Srv" "Srv" "Microsoft Corporation" "c:\windows\system32\drivers\srv.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "StillCam" "Serial Imaging Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\serscan.sys"
+ "streamip" "Microsoft IP Test Driver" "Microsoft Corporation" "c:\windows\system32\drivers\streamip.sys"
+ "swenum" "Plug and Play Software Device Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\swenum.sys"
+ "swmidi" "Microsoft GS Wavetable Synthesizer" "Microsoft Corporation" "c:\windows\system32\drivers\swmidi.sys"
+ "sysaudio" "System Audio WDM Filter" "Microsoft Corporation" "c:\windows\system32\drivers\sysaudio.sys"
+ "Tcpip" "TCP/IP Protocol Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tcpip.sys"
+ "TDPIPE" "Named Pipe Transport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tdpipe.sys"
+ "TDTCP" "TCP Transport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tdtcp.sys"
+ "TermDD" "Terminal Server Driver" "Microsoft Corporation" "c:\windows\system32\drivers\termdd.sys"
+ "tiumfwl" "tiumfwl.sys" "Texas Instruments Inc." "c:\windows\system32\drivers\tiumfwl.sys"
+ "Update" "Update Driver" "Microsoft Corporation" "c:\windows\system32\drivers\update.sys"
+ "upperdev" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerflt.sys"
+ "usbccgp" "USB Common Class Generic Parent Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbccgp.sys"
+ "usbehci" "EHCI eUSB Miniport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbehci.sys"
+ "usbhub" "Default Hub Driver for USB" "Microsoft Corporation" "c:\windows\system32\drivers\usbhub.sys"
+ "usbprint" "USB Printer driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbprint.sys"
+ "usbscan" "USB Scanner Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbscan.sys"
+ "usbser" "USB Modem Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbser.sys"
+ "UsbserFilt" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltj.sys"
+ "USBSTOR" "USB Mass Storage Class Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbstor.sys"
+ "usbuhci" "UHCI USB Miniport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbuhci.sys"
+ "VBoxNetAdp" "VirtualBox Host-Only Network Adapter Driver" "Sun Microsystems, Inc." "c:\windows\system32\drivers\vboxnetadp.sys"
+ "VBoxNetFlt" "" "" "File not found: system32\DRIVERS\VBoxNetFlt.sys"
+ "VBoxUSB" "VirtualBox USB Driver" "Sun Microsystems, Inc." "c:\windows\system32\drivers\vboxusb.sys"
+ "vcdrom" "" "" "File not found: F:\XPortableAppsVCDRom\VCdRom.sys"
+ "VgaSave" "Controls the VGA display adapter to provide basic display capabilities." "Microsoft Corporation" "c:\windows\system32\drivers\vga.sys"
+ "VolSnap" "Volume Shadow Copy Driver" "Microsoft Corporation" "c:\windows\system32\drivers\volsnap.sys"
+ "w70n51" "Intel® PRO/Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w70n51.sys"
+ "Wanarp" "Remote Access IP ARP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\wanarp.sys"
+ "Wdf01000" "WDF Dynamic" "Microsoft Corporation" "c:\windows\system32\drivers\wdf01000.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "wdmaud" "MMSYSTEM Wave/Midi API mapper" "Microsoft Corporation" "c:\windows\system32\drivers\wdmaud.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WpdUsb" "WPD USB Driver" "Microsoft Corporation" "c:\windows\system32\drivers\wpdusb.sys"
+ "WSTCODEC" "WDM WST Codec Driver" "Microsoft Corporation" "c:\windows\system32\drivers\wstcodec.sys"
+ "WudfPf" "Provide communciation services for UMDF components." "Microsoft Corporation" "c:\windows\system32\drivers\wudfpf.sys"
+ "WudfRd" "Reflect device requests to user-mode driver drivers" "Microsoft Corporation" "c:\windows\system32\drivers\wudfrd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "midi" "WDM Audio driver mapper" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "midimapper" "Microsoft MIDI Mapper" "Microsoft Corporation" "c:\windows\system32\midimap.dll"
+ "mixer" "WDM Audio driver mapper" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.imaadpcm" "IMA ADPCM CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\imaadp32.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.msadpcm" "Microsoft ADPCM CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msadp32.acm"
+ "msacm.msaudio1" "Windows Media Audio" "Microsoft Corporation" "c:\windows\system32\msaud32.acm"
+ "msacm.msg711" "Microsoft CCITT G.711 (A-Law and u-Law) CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msg711.acm"
+ "msacm.msg723" "Microsoft G.723.1 CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msg723.acm"
+ "msacm.msgsm610" "Microsoft GSM 6.10 Audio CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msgsm32.acm"
+ "msacm.siren" "Messenger Audio Codec" "Microsoft Corporation" "c:\windows\system32\sirenacm.dll"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "MSVideo8" "VfW MM Driver for WDM Video Capture Devices" "Microsoft Corporation" "c:\windows\system32\vfwwdm32.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "VIDC.I420" "Microsoft H.263 ICM Driver" "Microsoft Corporation" "c:\windows\system32\msh263.drv"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.IYUV" "Intel Indeo® Video YUV Codec" "Microsoft Corporation" "c:\windows\system32\iyuv_32.dll"
+ "vidc.M261" "Microsoft H.261 ICM Driver" "Microsoft Corporation" "c:\windows\system32\msh261.drv"
+ "vidc.M263" "Microsoft H.263 ICM Driver" "Microsoft Corporation" "c:\windows\system32\msh263.drv"
+ "vidc.mrle" "Microsoft RLE Compressor" "Microsoft Corporation" "c:\windows\system32\msrle32.dll"
+ "vidc.msvc" "Microsoft Video 1 Compressor" "Microsoft Corporation" "c:\windows\system32\msvidc32.dll"
+ "VIDC.UYVY" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "VIDC.WMV3" "Windows Media Video 9 VCM" "Microsoft Corporation" "c:\windows\system32\wmv9vcm.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YUY2" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "VIDC.YV12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
+ "VIDC.YVU9" "Toshiba Video Codec" "Microsoft Corporation" "c:\windows\system32\tsbyuv.dll"
+ "VIDC.YVYU" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "wave" "WDM Audio driver mapper" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "wavemapper" "Microsoft Sound Mapper" "Microsoft Corporation" "c:\windows\system32\msacm32.drv"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ ""MainConcept (Adobe2) AAC Decoder"" "AAC audio decoder filter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2daac.ax"
+ ""MainConcept (Adobe2) AAC Encoder"" "AAC audio encoder filter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2eaac.ax"
+ ""MainConcept (Adobe2) H.264 Encoder"" "DirectShow H.264/AVC Encoder Filter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2esh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Decoder"" "DirectShow H.264/AVC Decoder Filter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2dsh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Video Encoder"" "DirectShow H.264/AVC Video Encoder Filter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2evh264.ax"
+ ""MainConcept (Adobe2) MPEG Audio Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Audio Encoder"" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mceampeg.ax"
+ ""MainConcept (Adobe2) MPEG Encoder"" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mcesmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Multiplexer"" "MPEG Multiplexer" "" "c:\program files\adobe\adobe premiere pro cs4\ad2mcmuxmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Splitter"" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mcspmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Encoder"" "MPEG Video Encoder" "MainConcept AG" "c:\program files\adobe\adobe premiere pro cs4\ad2mcevmpeg.ax"
+ ".RAM Parser" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Parser Filter" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "ACM Wrapper" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ASF ACM Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF Animation Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF DIB Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF DJPEG Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF ICM Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF JPEG Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASF URL Handler" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASX File Parser" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "ASX v.2 File Parser" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "AVI Decompressor" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI Draw Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI mux" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "AVI Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI/WAV File Source" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "BDA MPEG2 Transport Information Filter" "Microsoft Transport Information Filter for MPEG2 based networks." "Microsoft Corporation" "c:\windows\system32\psisrndr.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Color Space Converter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "Default Video Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DV Muxer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DV Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DV Video Decoder" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DVD Navigator" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Emuzed AAC/AAC+ Decoder TFilter" "Emuzed AAC/AAC+ Decoder Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzaacdecfilter.dll"
+ "Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter" "Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\ezdmp4muxfilter.dll"
+ "Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter" "Emuzed MP4/3GP2/AMR/QCP Source Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzmp4source.dll"
+ "Emuzed H264 Video Decoder-Filter" "Emuzed H.264 Video Transform Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\ezdh264dectfilter.dll"
+ "Emuzed MP3 Source/Decoder Filter" "Emuzed MP3 Source/Decoder Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzmp3sourcefilter.dll"
+ "Emuzed MP4SP/H263 Video Decoder-Filter" "Emuzed MP4SP/H.263 Video Transform Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzdecmp4_h263.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Async.)" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "File Source (URL)" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File stream renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File Writer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Full Screen Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "G.711 Codec" "Intel G711 CODEC" "Microsoft Corporation" "c:\windows\system32\g711codc.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Infinite Pin Tee Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "Internal Text Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Line 21 Decoder" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Line 21 Decoder 2" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "Microsoft MPEG-4 Video Decompressor" "Microsoft MPEG-4 Video Decompressor" "Microsoft Corporation" "c:\windows\system32\mpg4ds32.ax"
+ "Microsoft Screen Video Decompressor" "Microsoft Screen Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msscds32.ax"
+ "MIDI Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MJPEG Decompressor" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPEG Audio Codec" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MPEG Video Codec" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG-2 Demultiplexer" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "MPEG-2 Sections and Tables" "Microsoft MPEG-2 Section and Table Acquisition Module" "Microsoft Corporation" "c:\windows\system32\mpeg2data.ax"
+ "MPEG-2 Splitter" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "Mpeg-2 Video Stream Analysis" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "MPEG-I Stream Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "Multi-file Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "NSC File Parser" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "Null Renderer" "DirectShow Editing." "Microsoft Corporation" "c:\windows\system32\qedit.dll"
+ "Overlay Mixer" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Overlay Mixer2" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "QT Decompressor" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "QuickTime Movie Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Render Dib" "Special Effects Sample" "ArcSoft" "c:\program files\arcsoft\photoimpression 4\ezrgb24.ax"
+ "SAMI (CC) Reader" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Sample Grabber" "DirectShow Editing." "Microsoft Corporation" "c:\windows\system32\qedit.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Simple Text Reader" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Smart Tee Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "StreamBufferSink" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "StreamBufferSource" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "VBI Surface Allocator" "VBI Surface Allocator Filter" "Microsoft Corporation" "c:\windows\system32\vbisurf.ax"
+ "VGA 16 color ditherer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Mixing Renderer 9" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Port Manager" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Wave Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Audio Decoder" "Windows Media Audio Decoder" "Microsoft Corporation" "c:\windows\system32\msadds32.ax"
+ "Windows Media Multiplexer" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "Windows Media splitter" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "Windows Media Update" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "Windows Media URL File Source" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "Windows Media Video Decoder" "Windows Media Video Decoder" "Microsoft Corporation" "c:\windows\system32\wmvds32.ax"
+ "Windows Media Video Decoder" "Windows Media Video Decoder V8" "Microsoft Corporation" "c:\windows\system32\wmv8ds32.ax"
+ "WM ASF Reader" "DirectShow ASF Support" "Microsoft Corporation" "c:\windows\system32\qasf.dll"
+ "WM ASF Writer" "DirectShow ASF Support" "Microsoft Corporation" "c:\windows\system32\qasf.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter" "WMPSrcWp Module" "Microsoft Corporation" "c:\windows\system32\wmpsrcwp.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "World Standard Teletext Decoder" "WST Decoder Filter" "Microsoft Corporation" "c:\windows\system32\wstdecod.dll"
+ "XML-based ASX Parser" "Windows Media Player Filter Shim" "Microsoft Corporation" "c:\windows\system32\wmpasf.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\program files\common files\geovid\xvid\xvid.ax"
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
+ "{0131BE10-2001-4C5F-A9B0-CC88FAB64CE8}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{114F5598-0B22-40A0-86A1-C83EA495ADBD}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{1A34F5C1-4A5A-46DC-B644-1F4567E7A676}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{27949969-876A-41D7-9447-568F6A35A4DC}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{69BE8BB4-D66D-47C8-865A-ED1589433782}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}" "Windows Media Photo Codec" "Microsoft Corporation" "c:\windows\system32\wmphoto.dll"
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
+ "{381DDA3C-9CE9-4834-A23E-1F98F8FC52BE}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{389EA17B-5078-4CDE-B6EF-25C15175C751}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{6B462062-7CBF-400D-9FDB-813DD10F2778}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{9456A480-E88B-43EA-9E73-0B2D9B71B1CA}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{A26CEC36-234C-4950-AE16-E34AACE71D0D}" "Windows Media Photo Codec" "Microsoft Corporation" "c:\windows\system32\wmphoto.dll"
+ "{B54E85D9-FE23-499F-8B88-6ACEA713752B}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{C61BFCDF-2E0F-4AAD-A8D7-E06BAFEBCDFE}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
+ "{00108226-EE41-44A2-9E9C-4BE4D5B1D2CD}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{076C2A6C-F78F-4C46-A723-3583E70876EA}" "Microsoft Windows Codecs Extended Library" "Microsoft Corporation" "c:\windows\system32\windowscodecsext.dll"
+ "{122EC645-CD7E-44D8-B186-2C8C20C3B50F}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{1249B20C-5DD0-44FE-B0B3-8F92C8E6D080}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{1765E14E-1BD4-462E-B6B1-590BF1262AC6}" "Microsoft Windows Codecs Extended Library" "Microsoft Corporation" "c:\windows\system32\windowscodecsext.dll"
+ "{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}" "Microsoft Windows Codecs Extended Library" "Microsoft Corporation" "c:\windows\system32\windowscodecsext.dll"
+ "{5C5C1935-0235-4434-80BC-251BC1EC39C6}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{6D68D1DE-D432-4B0F-923A-091183A9BDA7}" "Microsoft Windows Codecs Extended Library" "Microsoft Corporation" "c:\windows\system32\windowscodecsext.dll"
+ "{7B19A919-A9D6-49E5-BD45-02C34E4E4CD5}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{8ADE5386-8E9B-4F4C-ACF2-F0008706B238}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{A09CCA86-27BA-4F39-9053-121FA4DC08FC}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{B1EBFC28-C9BD-47A2-8D33-B948769777A7}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{B5EBAFB9-253E-4A72-A744-0762D2685683}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{C9A14CDA-C339-460B-9078-D4DEBCFABE91}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{CB8C13E4-62B5-4C96-A48B-6BA6ACE39C76}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{D049B20C-5DD0-44FE-B0B3-8F92C8E6D080}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{ED822C8C-D6BE-4301-A631-0E1416BAD28F}" "Microsoft Windows Codecs Extended Library" "Microsoft Corporation" "c:\windows\system32\windowscodecsext.dll"
+ "{EE366069-1832-420F-B381-0479AD066F19}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
+ "{F3C633A2-46C8-498E-8FBB-CC6F721BBCDE}" "Microsoft Windows Codecs Library" "Microsoft Corporation" "c:\windows\system32\windowscodecs.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "autocheck autochk *" "Auto Check Utility" "Microsoft Corporation" "c:\windows\system32\autochk.exe"
+ "autocheck autochk /r \??\E:" "Auto Check Utility" "Microsoft Corporation" "c:\windows\system32\autochk.exe"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "Symbolic Debugger for Windows 2000" "Microsoft Corporation" "c:\windows\system32\ntsd.exe"
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" ""
+ "advapi32" "Advanced Windows 32 Base API" "Microsoft Corporation" "c:\windows\system32\advapi32.dll"
+ "comdlg32" "Common Dialogs DLL" "Microsoft Corporation" "c:\windows\system32\comdlg32.dll"
+ "gdi32" "GDI Client DLL" "Microsoft Corporation" "c:\windows\system32\gdi32.dll"
+ "imagehlp" "Windows NT Image Helper" "Microsoft Corporation" "c:\windows\system32\imagehlp.dll"
+ "kernel32" "Windows NT BASE API Client DLL" "Microsoft Corporation" "c:\windows\system32\kernel32.dll"
+ "lz32" "LZ Expand/Compress API DLL" "Microsoft Corporation" "c:\windows\system32\lz32.dll"
+ "ole32" "Microsoft OLE for Windows" "Microsoft Corporation" "c:\windows\system32\ole32.dll"
+ "oleaut32" "" "Microsoft Corporation" "c:\windows\system32\oleaut32.dll"
+ "olecli32" "Object Linking and Embedding Client Library" "Microsoft Corporation" "c:\windows\system32\olecli32.dll"
+ "olecnv32" "Microsoft OLE for Windows" "Microsoft Corporation" "c:\windows\system32\olecnv32.dll"
+ "olesvr32" "Object Linking and Embedding Server Library" "Microsoft Corporation" "c:\windows\system32\olesvr32.dll"
+ "olethk32" "Microsoft OLE for Windows" "Microsoft Corporation" "c:\windows\system32\olethk32.dll"
+ "rpcrt4" "Remote Procedure Call Runtime" "Microsoft Corporation" "c:\windows\system32\rpcrt4.dll"
+ "shell32" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "url" "Internet Shortcut Shell Extension DLL" "Microsoft Corporation" "c:\windows\system32\url.dll"
+ "urlmon" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "user32" "Windows XP USER API Client DLL" "Microsoft Corporation" "c:\windows\system32\user32.dll"
+ "version" "Version Checking and File Installation Libraries" "Microsoft Corporation" "c:\windows\system32\version.dll"
+ "wininet" "Internet Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\wininet.dll"
+ "wldap32" "Win32 LDAP API DLL" "Microsoft Corporation" "c:\windows\system32\wldap32.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost" "" "" ""
+ "logonui.exe" "Windows Logon UI" "Microsoft Corporation" "c:\windows\system32\logonui.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "avgrsstarter" "AVG Resident Shield Starter" "AVG Technologies CZ, s.r.o." "c:\windows\system32\avgrsstx.dll"
+ "crypt32chain" "Crypto API32" "Microsoft Corporation" "c:\windows\system32\crypt32.dll"
+ "cryptnet" "Crypto Network Related API" "Microsoft Corporation" "c:\windows\system32\cryptnet.dll"
+ "cscdll" "Offline Network Agent" "Microsoft Corporation" "c:\windows\system32\cscdll.dll"
+ "dimsntfy" "DIMS Notification Handler" "Microsoft Corporation" "c:\windows\system32\dimsntfy.dll"
+ "ScCertProp" "Common DLL to receive Winlogon notifications" "Microsoft Corporation" "c:\windows\system32\wlnotify.dll"
+ "Schedule" "Common DLL to receive Winlogon notifications" "Microsoft Corporation" "c:\windows\system32\wlnotify.dll"
+ "sclgntfy" "Secondary Logon Service Notification DLL" "Microsoft Corporation" "c:\windows\system32\sclgntfy.dll"
+ "SensLogn" "Common DLL to receive Winlogon notifications" "Microsoft Corporation" "c:\windows\system32\wlnotify.dll"
+ "termsrv" "Common DLL to receive Winlogon notifications" "Microsoft Corporation" "c:\windows\system32\wlnotify.dll"
+ "WgaLogon" "Windows Genuine Advantage Notifications" "Microsoft Corporation" "c:\windows\system32\wgalogon.dll"
+ "wlballoon" "Common DLL to receive Winlogon notifications" "Microsoft Corporation" "c:\windows\system32\wlnotify.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\WINDOWS\System32\ssmypics.scr" "My Pictures Slideshow Screensaver" "Microsoft Corporation" "c:\windows\system32\ssmypics.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000002" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000003" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000004" "Microsoft Windows Rsvp 1.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\rsvpsp.dll"
+ "000000000005" "Microsoft Windows Rsvp 1.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\rsvpsp.dll"
+ "000000000006" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000007" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000008" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000009" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000010" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000011" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000012" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000013" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000014" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000015" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000016" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000017" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000018" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000019" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000020" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "000000000021" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "Network Location Awareness (NLA) Namespace" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "NTDS" "LDAP RnR Provider DLL" "Microsoft Corporation" "c:\windows\system32\winrnr.dll"
+ "Tcpip" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Language Monitor" "Langage Monitor for Canon Bubble-Jet Printer" "Microsoft Corporation" "c:\windows\system32\cnbjmon.dll"
+ "EPSON Stylus CX5000 Series 32MonitorBA" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbbva.dll"
+ "EPSON Stylus DX4400 Series 32MonitorBE" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbcae.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "Local Port" "Local Spooler DLL" "Microsoft Corporation" "c:\windows\system32\localspl.dll"
+ "LPR Port" "LPR Print Monitor" "Microsoft Corporation" "c:\windows\system32\lprmon.dll"
+ "PCL hpz3l054" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l054.dll"
+ "PDFConverter" "" "" "c:\windows\system32\pdfmonnt.dll"
+ "PJL Language Monitor" "PJL Language monitor" "Microsoft Corporation" "c:\windows\system32\pjlmon.dll"
+ "Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Microsoft Corporation" "c:\windows\system32\tcpmon.dll"
+ "USB Monitor" "Standard Dynamic Printing Port Monitor DLL" "Microsoft Corporation" "c:\windows\system32\usbmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
+ "digest.dll" "Digest SSPI Authentication Package" "Microsoft Corporation" "c:\windows\system32\digest.dll"
+ "msapsspc.dll" "DPA Client for 32 bit platforms" "Microsoft Corporation" "c:\windows\system32\msapsspc.dll"
+ "msnsspc.dll" "MSN Internet Access" "Microsoft Corporation" "c:\windows\system32\msnsspc.dll"
+ "schannel.dll" "TLS / SSL Security Provider" "Microsoft Corporation" "c:\windows\system32\schannel.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "msv1_0" "Microsoft Authentication Package v1.0" "Microsoft Corporation" "c:\windows\system32\msv1_0.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "scecli" "Windows Security Configuration Editor Client Engine" "Microsoft Corporation" "c:\windows\system32\scecli.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" ""
+ "kerberos" "Kerberos Security Package" "Microsoft Corporation" "c:\windows\system32\kerberos.dll"
+ "msv1_0" "Microsoft Authentication Package v1.0" "Microsoft Corporation" "c:\windows\system32\msv1_0.dll"
+ "schannel" "TLS / SSL Security Provider" "Microsoft Corporation" "c:\windows\system32\schannel.dll"
+ "wdigest" "Microsoft Digest Access" "Microsoft Corporation" "c:\windows\system32\wdigest.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "AdobeDriveCS4_NP" "Adobe Drive CS4 Network" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"
+ "BCMLogon" "Broadcom Logon Provider" "Broadcom Corporation" "c:\windows\system32\bcmlogon.dll"
+ "LanmanWorkstation" "Microsoft Windows Network" "Microsoft Corporation" "c:\windows\system32\ntlanman.dll"
+ "RDPNP" "Microsoft Terminal Services" "Microsoft Corporation" "c:\windows\system32\drprov.dll"
+ "WebClient" "Web Client Network" "Microsoft Corporation" "c:\windows\system32\davclnt.dll"

#14 Buckeye_Sam


Posted 20 October 2009 - 07:29 AM

Firefox is just one program and not integrated into Windows. While many of the things you are suggesting may speed up your computer overall, it's not going to help Firefox if there's a problem with the program.

First let's take a look at your startups.
Download Hijackthis and create a log file. Please post this log in your next reply.

http://www.bleepingcomputer.com/files/hijackthis.php


Specific to your Firefox issue, which does not seem to be related to malware at this point, check out these links for some suggestions.

https://support.mozilla.com/tiki-view_forum...4&forumId=1

http://www.wikihow.com/Troubleshoot-Firefox


========================================================

#15 novice4


Posted 20 October 2009 - 01:08 PM

Hello Sam,
I tried all the things you gave me links to.
Recommended to clear temp files here.

but can't delete IE8 temp folder WPDNSE & Perflib_Perfdata_bcc.dat
from here:
C:\DOCUME~1\adie\LOCALS~1\Temp



Also saw this today and tried this: "C:\Program Files\Mozilla Firefox\firefox.exe" /Prefetch:1

Started a little quicker.
Also there is a link to download Firefox Preloader but I have not installed this yet; that may be my next option.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:56, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\adie\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - 08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - 0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\adie\APPLIC~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\adie\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\adie\APPLIC~1\MICROS~1\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\adie\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\adie\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c98a0a4221bac0) (gupdate1c98a0a4221bac0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 1: (no name) - http://www.ddbeautyproducts.com/

--
End of file - 10794 bytes



