Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unsure what infection


  • This topic is locked This topic is locked
14 replies to this topic

#1 samoyed

samoyed

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 29 October 2009 - 08:27 AM

Hi,

I hope someone can assist.

I dont know what infected my notebook.
It freezes and lags and makes a lot of noise.

Cheers

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 04 November 2009 - 10:21 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 06 November 2009 - 07:39 PM

Hi

How is it going.

Pls see below.

Cheers

Logfile of random's system information tool 1.06 (written by random/random)
Run by Adelene at 2009-11-07 10:34:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 510 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:41 AM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8.5\avgrsx.exe
C:\PROGRA~1\AVG\AVG8.5\avgnsx.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\PROGRA~1\AVG\AVG8.5\avgemc.exe
C:\Program Files\AVG\AVG8.5\avgcsrvx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\PROGRA~1\AVG\AVG8.5\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adelene\Desktop\RSIT.exe
C:\Program Files\trend micro\Adelene.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5meen_us/107?Plcid=0409&a...amp;Version=8.0
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8.5\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8.5\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: AutorunsDisabled
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153894173578
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client...bex/ieatgpc.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8.5\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8.5\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe
O23 - Service: IntelŪ PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c99489d7662a4) (gupdate1c99489d7662a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IntelŪ PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: IntelŪ PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13322 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8.5\avgssie.dll [2009-09-01 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-03 725082]
"S3Hotkey"=C:\WINDOWS\system32\s3hotkey.exe [2005-05-19 40960]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\updnavi\updnavi.exe [2005-11-19 331776]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"DispSwitchLauncher"=C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe [2005-07-21 90112]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-07-01 88201]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-08-10 81920]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-10-16 1191936]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-06 14850560]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-10-16 1368064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8.5\avgtray.exe [2009-11-07 2028312]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-23 180269]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
AutorunsDisabled
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Adelene\Start Menu\Programs\Startup
AutorunsDisabled
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-10 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2005-08-27 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSyncŪ Manager Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe"="C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe:*:Disabled:Acapela Telecom HQ TTS Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Pennytel\Pennytel.exe"="C:\Program Files\Pennytel\Pennytel.exe:*:Enabled:Pennytel"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8.5\avgemc.exe"="C:\Program Files\AVG\AVG8.5\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8.5\avgupd.exe"="C:\Program Files\AVG\AVG8.5\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8.5\avgnsx.exe"="C:\Program Files\AVG\AVG8.5\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-07 10:34:41 ----D---- C:\Program Files\trend micro
2009-11-07 10:34:34 ----D---- C:\rsit
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\java.exe
2009-10-31 00:51:02 ----D---- C:\Documents and Settings\Adelene\Application Data\DTLink Software
2009-10-30 23:55:47 ----A---- C:\Program Files\StockStreamer973CI_install.exe
2009-10-29 23:12:31 ----A---- C:\RootRepeal report 10-29-09 (23-12-31).txt
2009-10-25 10:21:36 ----A---- C:\Program Files\97znclm6.exe
2009-10-21 23:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-21 23:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-21 23:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-21 23:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-21 23:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-21 23:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-21 22:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-21 22:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-21 22:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-07 10:34:41 ----RD---- C:\Program Files
2009-11-07 10:33:43 ----D---- C:\WINDOWS\Internet Logs
2009-11-07 10:20:44 ----D---- C:\Program Files\Mozilla Firefox
2009-11-07 10:18:05 ----D---- C:\WINDOWS\Temp
2009-11-07 10:18:02 ----D---- C:\WINDOWS\system32\Lang
2009-11-07 10:16:16 ----D---- C:\WINDOWS
2009-11-07 10:15:52 ----D---- C:\Program Files\WinPoET Broadband Connection
2009-11-07 10:15:09 ----D---- C:\WINDOWS\system32
2009-11-07 10:14:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 09:59:39 ----HD---- C:\WINDOWS\inf
2009-11-07 09:59:27 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-07 09:59:22 ----D---- C:\WINDOWS\ie8updates
2009-11-07 09:57:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-07 09:57:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 08:21:53 ----SHD---- C:\WINDOWS\Installer
2009-11-07 07:58:58 ----SHD---- C:\Config.Msi
2009-11-07 07:58:16 ----D---- C:\Program Files\Java
2009-11-07 07:44:00 ----D---- C:\Program Files\Google
2009-11-02 23:53:09 ----D---- C:\WINDOWS\Prefetch
2009-10-31 00:23:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-30 23:52:53 ----D---- C:\Program Files\QuoteTracker
2009-10-30 23:34:20 ----D---- C:\Jts
2009-10-30 23:18:13 ----A---- C:\WINDOWS\ib.ini
2009-10-30 20:45:03 ----D---- C:\WINDOWS\Help
2009-10-29 23:03:56 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 17:30:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-25 17:30:20 ----D---- C:\Program Files\SpywareBlaster
2009-10-23 22:41:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-22 19:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 23:12:11 ----A---- C:\WINDOWS\imsins.BAK
2009-10-21 23:12:00 ----D---- C:\Program Files\Internet Explorer
2009-10-21 23:11:20 ----D---- C:\WINDOWS\WinSxS
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-10 20:57:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-01 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-04 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-08 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-08 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-08-03 1094853]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-08-23 116669]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-06 132352]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-07 3959296]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S3G700;S3G700; C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-12-24 667648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-03 190080]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 WRSWanDD;iVasion PoET Adapter; C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-06 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-06 21488]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-07-29 16509]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WrKPoET2000;WrKPoET2000; \??\C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8.5\avgemc.exe [2009-09-01 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe [2009-09-01 297752]
R2 EvtEng;IntelŪ PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-08-27 32768]
R2 RegSrvc;IntelŪ PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 S24EventMonitor;IntelŪ PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-10-16 905216]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:\Program Files\WinPoET Broadband Connection\WrOS.EXE [2002-10-28 94255]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 gupdate1c99489d7662a4;Google Update Service (gupdate1c99489d7662a4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-26 138168]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-06 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-11-07 10:35:47

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe GoLive CS2 English-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG 8.5-->C:\Program Files\AVG\AVG8.5\setup.exe /UNINSTALL
BitComet 1.07-->C:\Program Files\BitComet\uninst.exe
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Broadcom Gigabit Ethernet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC502085-5F63-41A2-A290-41F9F9574270}\setup.exe" -l0x9 REMOVE
Canon S100SP-->C:\WINDOWS\system32\CNMS100S.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S100SP Installer\Inst\DeIsL1.isu" -pCanon S100SP-c"C:\BJPrinter\CNMWINDOWS\Canon S100SP Installer\Inst\bjinst.dll
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
Cedocida DV Codec-->rundll32.exe setupapi.dll,InstallHinfSection UnInstall_NT 132 C:\WINDOWS\INF\cedocida.inf
Chinese (Simplified) Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cn.inf, Uninstall
Chinese (Traditional) Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{D1C6BA81-14FF-4331-8350-350D159A50F4}
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Fujitsu Display Manager-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}
Fujitsu Hardware Diagnostics Tool-->C:\Program Files\Fujitsu Hardware Diagnostics Tool\uninst.exe
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{805BDB3F-6803-45F7-B959-4FE5B921BC55}\setup.exe"
Fujitsu System Extension Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D48CCDB0-5EAB-4ED9-8D3E-8653EFFBFB84}\setup.exe"
Google Gears-->MsiExec.exe /I{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImageMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8539FF43-C430-4BBF-A600-73081D9D9214}\setup.exe"
Intel PROSet Wireless-->Intel PROSet Wireless
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Codec Pack 4.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LifeBook Application Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F403DD9-5A80-46DC-AAEC-9C743121E8B8}\setup.exe"
Loquendo TTS: Kenneth (American English)-->"C:\Program Files\Loquendo\LTTS\unins001.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medved QuoteTracker-->"C:\Program Files\QuoteTracker\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NextUp-Acapela Brightspeech Heather22 US English Voice-->MsiExec.exe /X{511ECAD8-3F08-4A16-A808-E20E5C44D93B}
NextUp-Acapela Elan Aaron22 US English Voice-->MsiExec.exe /X{CFE0FD61-98C7-4CEE-9E59-149D861A361B}
NextUp-ScanSoft Jennifer US English Voice-->MsiExec.exe /I{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}
Noki v1.7-->"C:\Program Files\Noki\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
O2Micro Flash Memory Card Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3BB2AA79-6623-48F4-B288-0CE1C88D40D6} /l1033
OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu"
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
Palm Desktop-->MsiExec.exe /X{F9126934-A42B-4C3F-9FA6-3B308D739375}
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
Pennytel-->MsiExec.exe /I{69B67E57-9AD1-4CA4-AF18-E73712E7D2E9}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
S3 Graphics Chrome Family WinXP/2K Display Driver and Utilities-->C:\PROGRA~1\S3\Chrome\s3minset.exe /u Chrome.uns
Scan Manager 5.2-->MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextAloud-->"C:\Program Files\TextAloud\unins000.exe"
Trader Workstation 4.0-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
TWS Interoperability Components-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Navi-->MsiExec.exe /X{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Photos Easy Upload Tool 1v7-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropperSG.dll"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: YOUR-D490A4A453
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 65595
Source Name: DCOM
Time Written: 20090913110203.000000+600
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: YOUR-D490A4A453
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 65594
Source Name: DCOM
Time Written: 20090913110154.000000+600
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: YOUR-D490A4A453
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 65572
Source Name: DCOM
Time Written: 20090912142155.000000+600
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: YOUR-D490A4A453
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 65571
Source Name: DCOM
Time Written: 20090912142155.000000+600
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: YOUR-D490A4A453
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 65570
Source Name: DCOM
Time Written: 20090912142154.000000+600
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: YOUR-D490A4A453
Event Code: 10
Message: Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL. Error = The specified module could not be found.
.

Record Number: 14194
Source Name: WrOS
Time Written: 20090503015703.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-D490A4A453
Event Code: 10
Message: Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL. Error = The specified module could not be found.
.

Record Number: 14182
Source Name: WrOS
Time Written: 20090502161857.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-D490A4A453
Event Code: 10
Message: Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL. Error = The specified module could not be found.
.

Record Number: 14170
Source Name: WrOS
Time Written: 20090429084202.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-D490A4A453
Event Code: 10
Message: Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL. Error = The specified module could not be found.
.

Record Number: 14158
Source Name: WrOS
Time Written: 20090427101555.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-D490A4A453
Event Code: 10
Message: Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL. Error = The specified module could not be found.
.

Record Number: 14146
Source Name: WrOS
Time Written: 20090426100951.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=true
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 07 November 2009 - 02:48 PM

Hi samoyed,

I don't see much wrong in you logs, but will will do a couple more checks. One thing I did notice is that your Hard drive has very little space left, this could
be causing the freezing and lagging, you could do with trying to free up some space by removing anything that is unneeded.

System drive C: has 4 GB (11%) free of 38 GB

I see that you have disable some startups using autoruns, please can you enable all of these as I need to see if any of these are bad, you can disable
them again when we are done.


Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks

unite.jpg


#5 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 09 November 2009 - 04:21 AM

Hi Syler,

Pls see below. Cheers

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 3

8/11/2009 9:24:30 PM
mbam-log-2009-11-08 (21-24-30).txt

Scan type: Quick Scan
Objects scanned: 111703
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 22:45:21
Windows 5.1.2600 Service Pack 3
Running: qyipgqtg.exe; Driver: C:\DOCUME~1\Adelene\LOCALS~1\Temp\pfadqkow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF6FE9FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF6FE6C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF7001170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF6FEA580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF6FFE900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF6FFEB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF7002B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF6FEA670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF6FE7210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF70019F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF70017A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF6FFE280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF7001F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF7001F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF6FE7070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF7000180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF6FFFF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF70026F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF7002150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF6FE9BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF7002540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF6FEA190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF6FE7440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF70014E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF6FFF200]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF6F8A0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [80, A5, FE, F6, 00, E9, FF, ...]
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6FEEB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FECE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6FEF260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6FEE930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----



Logfile of random's system information tool 1.06 (written by random/random)
Run by Adelene at 2009-11-08 22:46:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 510 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:07 PM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8.5\avgrsx.exe
C:\PROGRA~1\AVG\AVG8.5\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\PROGRA~1\AVG\AVG8.5\avgemc.exe
C:\Program Files\AVG\AVG8.5\avgcsrvx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\PROGRA~1\AVG\AVG8.5\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adelene\Desktop\RSIT.exe
C:\Program Files\trend micro\Adelene.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5meen_us/107?Plcid=0409&a...amp;Version=8.0
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8.5\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8.5\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: AutorunsDisabled
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153894173578
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client...bex/ieatgpc.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8.5\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8.5\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe
O23 - Service: IntelŪ PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c99489d7662a4) (gupdate1c99489d7662a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IntelŪ PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: IntelŪ PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13561 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8.5\avgssie.dll [2009-09-01 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-03 725082]
"S3Hotkey"=C:\WINDOWS\system32\s3hotkey.exe [2005-05-19 40960]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\updnavi\updnavi.exe [2005-11-19 331776]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"DispSwitchLauncher"=C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe [2005-07-21 90112]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-07-01 88201]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-08-10 81920]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-10-16 1191936]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-06 14850560]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8.5\avgtray.exe [2009-11-07 2028312]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-23 180269]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"a-winpoet-service"=C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe [2002-11-14 294912]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-03-25 61440]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2005-02-26 69632]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-03-25 242688]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-07-14 1961984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
AutorunsDisabled
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Adelene\Start Menu\Programs\Startup
AutorunsDisabled
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
YouTube Uploader.lnk - C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-10 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2005-08-27 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSyncŪ Manager Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe"="C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe:*:Disabled:Acapela Telecom HQ TTS Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Pennytel\Pennytel.exe"="C:\Program Files\Pennytel\Pennytel.exe:*:Enabled:Pennytel"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8.5\avgemc.exe"="C:\Program Files\AVG\AVG8.5\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8.5\avgupd.exe"="C:\Program Files\AVG\AVG8.5\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8.5\avgnsx.exe"="C:\Program Files\AVG\AVG8.5\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-07 10:34:41 ----D---- C:\Program Files\trend micro
2009-11-07 10:34:34 ----D---- C:\rsit
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-07 07:58:48 ----A---- C:\WINDOWS\system32\java.exe
2009-10-31 00:51:02 ----D---- C:\Documents and Settings\Adelene\Application Data\DTLink Software
2009-10-30 23:55:47 ----A---- C:\Program Files\StockStreamer973CI_install.exe
2009-10-29 23:12:31 ----A---- C:\RootRepeal report 10-29-09 (23-12-31).txt
2009-10-25 10:21:36 ----A---- C:\Program Files\97znclm6.exe
2009-10-21 23:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-21 23:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-21 23:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-21 23:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-21 23:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-21 23:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-21 22:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-21 22:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-21 22:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-08 21:28:59 ----D---- C:\WINDOWS\Internet Logs
2009-11-08 21:25:36 ----D---- C:\WINDOWS\Temp
2009-11-08 20:04:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-08 19:17:13 ----RD---- C:\Program Files
2009-11-08 18:45:28 ----D---- C:\Program Files\Mozilla Firefox
2009-11-08 18:43:47 ----D---- C:\WINDOWS\system32\Lang
2009-11-08 18:39:35 ----D---- C:\Program Files\WinPoET Broadband Connection
2009-11-07 10:43:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 10:16:16 ----D---- C:\WINDOWS
2009-11-07 10:15:09 ----D---- C:\WINDOWS\system32
2009-11-07 09:59:39 ----HD---- C:\WINDOWS\inf
2009-11-07 09:59:27 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-07 09:59:22 ----D---- C:\WINDOWS\ie8updates
2009-11-07 09:57:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-07 08:21:53 ----SHD---- C:\WINDOWS\Installer
2009-11-07 07:58:58 ----SHD---- C:\Config.Msi
2009-11-07 07:58:16 ----D---- C:\Program Files\Java
2009-11-07 07:44:00 ----D---- C:\Program Files\Google
2009-11-02 23:53:09 ----D---- C:\WINDOWS\Prefetch
2009-10-31 00:23:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-30 23:52:53 ----D---- C:\Program Files\QuoteTracker
2009-10-30 23:34:20 ----D---- C:\Jts
2009-10-30 23:18:13 ----A---- C:\WINDOWS\ib.ini
2009-10-30 20:45:03 ----D---- C:\WINDOWS\Help
2009-10-29 23:03:56 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 17:30:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-25 17:30:20 ----D---- C:\Program Files\SpywareBlaster
2009-10-23 22:41:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-22 19:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 23:12:11 ----A---- C:\WINDOWS\imsins.BAK
2009-10-21 23:12:00 ----D---- C:\Program Files\Internet Explorer
2009-10-21 23:11:20 ----D---- C:\WINDOWS\WinSxS
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-10 20:57:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-01 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-04 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-08 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-08 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-08-03 1094853]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-08-23 116669]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-06 132352]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-07 3959296]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S3G700;S3G700; C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-12-24 667648]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-03 190080]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 WRSWanDD;iVasion PoET Adapter; C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-06 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-06 21488]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-07-29 16509]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pfadqkow;pfadqkow; \??\C:\DOCUME~1\Adelene\LOCALS~1\Temp\pfadqkow.sys []
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WrKPoET2000;WrKPoET2000; \??\C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8.5\avgemc.exe [2009-09-01 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8.5\avgwdsvc.exe [2009-09-01 297752]
R2 EvtEng;IntelŪ PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-08-27 32768]
R2 RegSrvc;IntelŪ PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 S24EventMonitor;IntelŪ PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-10-16 905216]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:\Program Files\WinPoET Broadband Connection\WrOS.EXE [2002-10-28 94255]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 gupdate1c99489d7662a4;Google Update Service (gupdate1c99489d7662a4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-26 138168]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-06 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360]

-----------------EOF-----------------

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 09 November 2009 - 05:07 AM

samoyed,

I see that you still have the startups disabled by autorun can you please enable them before posting the next log, also can you tell me what problems
you are currently having, if any?


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • OTListIt.txt
  • Extra.txt
  • Kaspersky report
Thanks

unite.jpg


#7 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 10 November 2009 - 07:27 AM

Hi Syler,

I have enabled startups I can see on Autorun.
How do I determine that I have enabled all. I thought I did.

Cheers

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 10 November 2009 - 11:58 AM

Hey samoyed,

If you have enabled them all, you shouldn't see any of the following kind of entries in your log.

O4 - Startup: AutorunsDisabled

If you still have them, click on the User tab in autoruns and make sure nothing is disabled for other users. If the entries are still there then
just leave it and go on with my instructions.

Edited by syler, 10 November 2009 - 11:58 AM.

unite.jpg


#9 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 13 November 2009 - 06:49 AM

Hi Syler

Kindly see below. Cheers



OTL logfile created on: 13/11/2009 9:14:07 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Adelene\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.05 Mb Total Physical Memory | 95.09 Mb Available Physical Memory | 18.64% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 3.93 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 8.20 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D490A4A453
Current User Name: Adelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/13 18:50:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/01 15:58:04 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgrsx.exe
PRC - [2009/09/01 15:58:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgcsrvx.exe
PRC - [2009/09/01 15:57:53 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgnsx.exe
PRC - [2009/09/01 15:57:28 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgemc.exe
PRC - [2009/09/01 15:57:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgwdsvc.exe
PRC - [2009/02/22 11:00:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 20:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 17:05:38 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/14 10:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/06 21:39:08 | 14,850,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/27 08:45:22 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2005/07/01 17:58:00 | 00,088,201 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/06/03 09:15:54 | 00,725,082 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/05/19 21:21:00 | 00,040,960 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\s3hotkey.exe
PRC - [2002/10/28 17:36:12 | 00,094,255 | R--- | M] (iVasion, a Routerware Company) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe


========== Modules (SafeList) ==========

MOD - [2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
MOD - [2008/04/14 10:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 10:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/01 15:57:28 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgemc.exe -- (avg8emc)
SRV - [2009/09/01 15:57:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/22 11:00:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99489d7662a4)
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 17:05:38 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/04/14 10:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/26 16:12:42 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/07/09 18:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/24 11:32:01 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/08/27 08:45:22 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/04/06 18:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2005/01/31 12:41:00 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/01/06 00:27:12 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/28 17:36:12 | 00,094,255 | R--- | M] (iVasion, a Routerware Company) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe -- (WinPPPoverEthernet)


========== Driver Services (SafeList) ==========

DRV - [2009/10/10 20:04:08 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/10 20:04:08 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/09/01 15:58:03 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 15:58:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/04 11:25:22 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/09 08:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/21 05:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/13 16:23:56 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 04:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 04:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 04:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 04:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/14 04:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 02:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/20 17:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/01/07 13:36:16 | 02,216,064 | ---- | M] (IntelŪ Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/24 01:52:00 | 00,667,648 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\drivers\S3G700m.sys -- (S3G700)
DRV - [2005/09/07 01:25:06 | 03,959,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/08/23 12:07:56 | 00,116,669 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005/08/03 19:21:00 | 01,094,853 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/01 22:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 22:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 22:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 22:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 22:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 22:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 22:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 20:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/09 08:06:50 | 00,034,176 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2005/07/08 02:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/08 02:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 22:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/08 14:07:00 | 01,050,140 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/03 09:02:22 | 00,190,080 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/31 17:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 11:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 16:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 16:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 16:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/04/08 10:28:04 | 00,023,168 | ---- | M] (O2 Micro ) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/04/06 09:38:32 | 00,132,352 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/25 19:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/03/25 07:41:56 | 00,021,120 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/01/08 10:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/16 18:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/10/19 15:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 23:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/04 08:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/03/02 19:37:50 | 00,125,184 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 19:37:48 | 00,005,504 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/01/17 22:15:00 | 00,004,864 | R--- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2004/01/06 00:27:14 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/01/06 00:27:12 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/01/06 00:27:12 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/07/29 23:22:38 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/15 12:35:56 | 00,007,808 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\FJGPNV.SYS -- (FJGPNV)
DRV - [2002/10/28 17:42:56 | 00,065,604 | R--- | M] () -- C:\WINDOWS\system32\drivers\WrKPoETNic2000.sys -- (WRSWanDD)
DRV - [2002/10/28 17:42:34 | 00,053,046 | R--- | M] () -- C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys -- (WrKPoET2000)
DRV - [2001/08/18 07:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 07:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 07:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 07:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 06:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 06:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 06:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 06:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 06:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 06:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 06:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 06:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 06:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 06:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)
DRV - [2001/08/01 08:00:22 | 00,005,248 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [1999/11/19 11:20:00 | 00,003,872 | ---- | M] (FUJITSU LIMITED.) -- C:\WINDOWS\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/

IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/Bible-Studies-and-Devotions.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8.5\Firefox [2009/11/07 07:45:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8.5\Toolbar\Firefox\avg@igeared [2009/10/10 14:52:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/25 10:07:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/07 07:44:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 19:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 18:50:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/13 18:50:33 | 00,000,000 | ---D | M]

[2009/03/10 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Extensions
[2009/03/10 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Firefox\Profiles\ytfmcmf0.default\extensions
[2009/11/07 09:57:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/13 18:50:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/07 07:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/13 18:50:25 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/13 18:50:25 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 18:50:27 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/21 19:34:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/21 19:34:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/10 14:53:19 | 00,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/21 19:34:19 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/21 19:34:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/21 19:34:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/21 19:34:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/21 19:34:19 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8.5\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [a-winpoet-service] C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S3Hotkey] C:\WINDOWS\System32\s3hotkey.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\YouTube Uploader.lnk = C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1153894173578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://interactivebrokers.webex.com/client...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8.5\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/01 05:42:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/11 21:46:07 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2009/11/10 22:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/07 10:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/07 10:34:34 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/07 10:20:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Adelene\Recent
[2009/11/07 07:58:48 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/07 07:58:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/07 07:58:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/31 00:51:10 | 00,393,216 | ---- | C] (Prophet.Net) -- C:\WINDOWS\System32\ProphetConnect4.ocx
[2009/10/31 00:51:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\Application Data\DTLink Software
[2009/10/29 23:02:54 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Adelene\Desktop\RootRepeal.exe
[2009/10/25 10:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\DoctorWeb
[2009/10/25 10:21:36 | 19,506,128 | ---- | C] (Doctor Web, Ltd.) -- C:\Program Files\97znclm6.exe
[2009/10/25 10:21:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\My Documents\Downloads
[2009/08/15 15:01:39 | 08,050,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.2.exe
[2009/08/01 11:37:53 | 14,100,376 | ---- | C] ( ) -- C:\Program Files\klcodec495f.exe
[2009/06/11 10:11:18 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2009/06/08 11:54:26 | 00,860,471 | ---- | C] (6XGate Incorporated ) -- C:\Program Files\FirefoxPreloaderSetup.exe
[2009/04/22 14:58:33 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/02/24 10:55:02 | 01,707,190 | ---- | C] (hz ) -- C:\Program Files\noki-v1.7-setup.exe
[2009/02/22 10:46:03 | 00,547,472 | ---- | C] (Google Inc.) -- C:\Program Files\GearsSetup.exe
[2009/02/02 11:16:43 | 03,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
[2009/01/26 17:10:58 | 03,131,928 | ---- | C] (Piriform Ltd) -- C:\Program Files\rcsetup122.exe
[2009/01/11 14:43:08 | 05,969,801 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\Free3GPVideoConverter.exe
[2009/01/10 19:02:45 | 01,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008/12/15 11:11:13 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[2008/12/05 12:50:18 | 02,538,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/10/27 11:47:06 | 07,824,960 | ---- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe
[2008/05/25 18:31:45 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/02/25 14:12:23 | 00,224,264 | ---- | C] (Google Inc.) -- C:\Program Files\YouTubeUploaderSetup.exe
[2006/08/01 13:43:23 | 15,272,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe

========== Files - Modified Within 30 Days ==========

[2009/11/13 19:22:13 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Marketing Proposal - Monte Carlo & Platinum.doc
[2009/11/13 18:47:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/13 18:47:12 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/13 18:46:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/13 18:46:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/12 23:42:49 | 10,223,616 | ---- | M] () -- C:\Documents and Settings\Adelene\ntuser.dat
[2009/11/12 23:42:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Adelene\ntuser.ini
[2009/11/12 23:38:30 | 00,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/12 22:58:28 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Virgin.bmp
[2009/11/12 22:57:57 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Jetstar.bmp
[2009/11/12 20:36:12 | 01,093,350 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\OpQuestInst.pdf
[2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2009/11/11 20:33:52 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/11 20:33:52 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/11 19:17:47 | 00,063,764 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\JB Hifi Post Paid Summary.pdf
[2009/11/11 19:17:03 | 00,114,346 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\JB Hifi Post Paid 6 Mobile Phone Scenario.pdf
[2009/11/11 18:49:28 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/11/10 20:28:27 | 00,033,539 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Recipes - Shrimp Crystal Spring Rolls Recipe (Banh Cuon Tom Viet Nam).pdf
[2009/11/08 20:00:37 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\qyipgqtg.exe
[2009/11/07 10:34:16 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\RSIT.exe
[2009/11/07 09:59:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/07 07:43:12 | 44,760,983 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/07 07:43:12 | 00,086,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/06 03:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/31 00:23:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/31 00:03:02 | 10,677,776 | ---- | M] () -- C:\Program Files\StockStreamer973CI_install.exe
[2009/10/30 23:18:13 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trader Workstation 4.0.LNK
[2009/10/30 23:18:13 | 00,000,042 | ---- | M] () -- C:\WINDOWS\ib.ini
[2009/10/29 23:04:37 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\settings.dat
[2009/10/29 23:03:06 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Adelene\Desktop\RootRepeal.exe
[2009/10/29 22:58:56 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2009/10/25 16:12:59 | 00,194,048 | ---- | M] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 10:36:36 | 19,506,128 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\97znclm6.exe
[2009/10/22 19:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 19:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2009/11/12 22:58:27 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Virgin.bmp
[2009/11/12 22:57:56 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Jetstar.bmp
[2009/11/12 22:25:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Marketing Proposal - Monte Carlo & Platinum.doc
[2009/11/12 20:36:10 | 01,093,350 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\OpQuestInst.pdf
[2009/11/11 19:17:47 | 00,063,764 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\JB Hifi Post Paid Summary.pdf
[2009/11/11 19:17:03 | 00,114,346 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\JB Hifi Post Paid 6 Mobile Phone Scenario.pdf
[2009/11/10 20:26:28 | 00,033,539 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Recipes - Shrimp Crystal Spring Rolls Recipe (Banh Cuon Tom Viet Nam).pdf
[2009/11/08 20:00:33 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\qyipgqtg.exe
[2009/11/07 10:34:00 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\RSIT.exe
[2009/10/30 23:55:47 | 10,677,776 | ---- | C] () -- C:\Program Files\StockStreamer973CI_install.exe
[2009/10/29 23:03:19 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\settings.dat
[2009/10/29 22:58:50 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2009/08/01 12:33:21 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/01 12:33:20 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/01 12:33:16 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/01 12:33:15 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/01 12:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/01 12:33:11 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/01 12:33:11 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/10 10:23:39 | 08,679,338 | ---- | C] () -- C:\Program Files\qtsetup.exe
[2009/04/10 14:44:21 | 00,015,293 | ---- | C] () -- C:\Documents and Settings\Adelene\Application Data\NMM-MetaData.db
[2009/03/21 11:49:09 | 01,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
[2009/02/24 21:23:45 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\keyfile3.drm
[2009/02/17 16:18:10 | 00,000,436 | ---- | C] () -- C:\WINDOWS\cedocida.ini
[2009/02/12 12:40:27 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\cedocida.dll
[2009/02/03 10:15:26 | 05,966,368 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/01/13 20:09:31 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2009/01/13 20:06:15 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 20:06:15 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 20:06:15 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 20:06:15 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 20:06:15 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 20:06:15 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/13 17:11:01 | 05,300,208 | ---- | C] () -- C:\Program Files\bitcomet_setup.exe
[2008/12/22 14:43:08 | 00,267,152 | ---- | C] () -- C:\Program Files\zaSetup_en.exe
[2008/12/13 10:13:49 | 01,529,241 | ---- | C] () -- C:\Program Files\SDFix.exe
[2008/09/23 16:46:41 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2008/09/23 15:59:11 | 35,960,912 | ---- | C] () -- C:\Program Files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
[2008/07/21 16:24:45 | 00,001,850 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2008/02/28 15:26:59 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/11/15 18:58:47 | 00,065,604 | R--- | C] () -- C:\WINDOWS\System32\drivers\WrKPoETNic2000.sys
[2007/11/13 14:44:59 | 00,245,760 | ---- | C] () -- C:\WINDOWS\ddedll.dll
[2007/11/13 14:42:32 | 03,201,772 | ---- | C] () -- C:\Program Files\InstallAX.exe
[2007/11/09 16:38:09 | 02,221,056 | ---- | C] () -- C:\Program Files\Pennytel_Setup.msi
[2007/10/25 10:26:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/19 12:59:52 | 02,788,800 | ---- | C] () -- C:\Program Files\FCSetup.exe
[2007/08/06 12:45:28 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/08/06 12:36:21 | 00,001,946 | R--- | C] () -- C:\WINDOWS\System32\D064UFW.INI
[2007/05/20 21:55:28 | 00,475,790 | ---- | C] () -- C:\Program Files\Autoruns.zip
[2007/04/13 02:00:21 | 00,132,847 | ---- | C] () -- C:\Program Files\customess1[1].0-rc2(www.mess.be).zip
[2006/12/30 14:34:13 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/12/30 09:25:44 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\fusioncache.dat
[2006/12/04 20:32:45 | 00,087,160 | ---- | C] () -- C:\Documents and Settings\Adelene\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/17 02:46:04 | 00,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/08 21:08:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NokiaContentCopier.INI
[2006/10/02 18:42:51 | 00,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2006/09/27 21:46:24 | 00,194,048 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 16:26:26 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/08 10:33:20 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/08 10:31:27 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006/09/08 10:27:13 | 00,001,359 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/09/08 10:27:13 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/09/08 10:27:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/08/29 11:46:56 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/28 23:50:04 | 04,135,298 | -H-- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\IconCache.db
[2006/08/23 13:35:49 | 00,905,728 | ---- | C] () -- C:\Program Files\iview398.exe
[2006/08/11 23:48:04 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/08/11 21:08:31 | 00,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2006/08/11 21:08:31 | 00,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2006/08/11 20:31:39 | 10,904,644 | ---- | C] () -- C:\Program Files\tws40_install.exe
[2006/08/04 18:30:02 | 00,087,160 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/04 18:30:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Adelene\Application Data\desktop.ini
[2006/07/27 16:48:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/26 21:02:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/07/26 16:15:19 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/07/26 16:15:19 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/07/26 00:35:57 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/07 02:13:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/07 01:43:40 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2006/01/07 01:35:20 | 02,406,912 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_clb.dll
[2005/10/08 13:50:29 | 00,000,379 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/08 13:46:49 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/10/08 13:39:53 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/10/01 10:13:22 | 00,002,869 | ---- | C] () -- C:\WINDOWS\System32\FJSaver.ini
[2005/09/30 22:33:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/24 19:57:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/19 23:58:39 | 00,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/19 23:58:10 | 00,024,621 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/19 23:58:06 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/05/16 09:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 23:19:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2001/11/05 10:41:20 | 00,000,101 | ---- | C] () -- C:\Program Files\Setup.ini
[2001/11/05 10:39:52 | 00,431,605 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2001/11/05 10:39:52 | 00,075,181 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2001/11/05 10:39:52 | 00,011,149 | ---- | C] () -- C:\Program Files\DATA1.HDR
[2001/11/05 10:39:52 | 00,000,417 | ---- | C] () -- C:\Program Files\LAYOUT.BIN
[2001/10/19 10:38:38 | 00,129,990 | ---- | C] () -- C:\Program Files\Setup.inx
[2001/04/12 08:29:16 | 00,340,866 | ---- | C] () -- C:\Program Files\IKERNEL.EX_

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



OTL Extras logfile created on: 13/11/2009 9:14:07 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Adelene\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.05 Mb Total Physical Memory | 95.09 Mb Available Physical Memory | 18.64% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 3.93 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 8.20 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D490A4A453
Current User Name: Adelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15164:TCP" = 15164:TCP:*:Enabled:BitComet 15164 TCP
"15164:UDP" = 15164:UDP:*:Enabled:BitComet 15164 UDP
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSyncŪ Manager Application -- (Palm, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe" = C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe:*:Disabled:Acapela Telecom HQ TTS Server -- (Acapela Group)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Pennytel\Pennytel.exe" = C:\Program Files\Pennytel\Pennytel.exe:*:Enabled:Pennytel -- File not found
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8.5\avgemc.exe" = C:\Program Files\AVG\AVG8.5\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8.5\avgupd.exe" = C:\Program Files\AVG\AVG8.5\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8.5\avgnsx.exe" = C:\Program Files\AVG\AVG8.5\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F403DD9-5A80-46DC-AAEC-9C743121E8B8}" = LifeBook Application Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}" = Fujitsu Display Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{511ECAD8-3F08-4A16-A808-E20E5C44D93B}" = NextUp-Acapela Brightspeech Heather22 US English Voice
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69B67E57-9AD1-4CA4-AF18-E73712E7D2E9}" = Pennytel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{763E8D6C-0098-4FF4-801A-3F311D2D9D80}" = Apple Mobile Device Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}" = NextUp-ScanSoft Jennifer US English Voice
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{805BDB3F-6803-45F7-B959-4FE5B921BC55}" = Fujitsu Hotkey Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8539FF43-C430-4BBF-A600-73081D9D9214}" = ImageMixer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFE0FD61-98C7-4CEE-9E59-149D861A361B}" = NextUp-Acapela Elan Aaron22 US English Voice
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1C6BA81-14FF-4331-8350-350D159A50F4}" = Fingerprint Sensor Minimum Install
"{D48CCDB0-5EAB-4ED9-8D3E-8653EFFBFB84}" = Fujitsu System Extension Utility
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Update Navi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC502085-5F63-41A2-A290-41F9F9574270}" = Broadcom Gigabit Ethernet
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9126934-A42B-4C3F-9FA6-3B308D739375}" = Palm Desktop
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe GoLive CS2 English" = Adobe GoLive CS2 English
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CANONBJ_Deinstall_CNMS100S.CPD" = Canon S100SP
"cedocida" = Cedocida DV Codec
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}" = Fujitsu Display Manager
"InstallShield_{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LoqTTS-Kenneth_is1" = Loquendo TTS: Kenneth (American English)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medved QuoteTracker_is1" = Medved QuoteTracker
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006a" = MSN Money Investment Toolbox
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Noki_is1" = Noki v1.7
"Nokia PC Suite" = Nokia PC Suite
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PC-Doctor 5 for Windows" = Fujitsu Hardware Diagnostics Tool
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"S3 Graphics Chrome Family WinXP/2K Display" = S3 Graphics Chrome Family WinXP/2K Display Driver and Utilities
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TextAloud MP3_is1" = TextAloud
"Trader Workstation 4.0" = Trader Workstation 4.0
"TWS Interoperability Components" = TWS Interoperability Components
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"YInstHelper" = Yahoo! Install Manager
"ZHCIELangPack" = Chinese (Simplified) Language Support
"ZHTIELangPack" = Chinese (Traditional) Language Support
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2009 8:15:53 PM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 8/11/2009 4:39:35 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 9/11/2009 5:06:11 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 10/11/2009 5:51:24 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 11/11/2009 4:46:15 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 12/11/2009 6:06:54 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 12/11/2009 6:06:55 AM | Computer Name = YOUR-D490A4A453 | Source = Google Update | ID = 20
Description =

Error - 12/11/2009 9:39:17 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 13/11/2009 4:46:52 AM | Computer Name = YOUR-D490A4A453 | Source = WrOS | ID = 10
Description = Error: Can't load initializer C:\Program Files\WinPoET Broadband Connection\WrPoETDynamicBind.DLL.
Error = The specified module could not be found. .

Error - 13/11/2009 4:46:54 AM | Computer Name = YOUR-D490A4A453 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 10/11/2009 5:54:52 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 11/11/2009 4:49:45 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 11/11/2009 4:49:48 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 11/11/2009 4:49:48 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/11/2009 6:11:01 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/11/2009 6:11:01 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/11/2009 6:11:01 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 13/11/2009 4:51:52 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 13/11/2009 4:51:52 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 13/11/2009 4:51:52 AM | Computer Name = YOUR-D490A4A453 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 13 November 2009 - 05:23 PM

Did you do the Kaspersky scan? I don't see the log.

unite.jpg


#11 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 13 November 2009 - 07:30 PM

Hi Syler,

I let it run overnight. Here's the log.

The notebook is constantly making a noise. It freezes and lags. After all the scans, it is still the same.

Cheers


KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, November 14, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, November 13, 2009 13:42:04
Records in database: 3203466

Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes
Scan area My Computer C:\
D:\
E:\
H:\
L:\
Scan statistics Objects scanned 71643 Threats found 0 Infected objects found 0 Suspicious objects found 0 Scan duration 03:21:47
No threats found. Scanned area is clean. Selected area has been scanned.

Edited by samoyed, 13 November 2009 - 07:34 PM.


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 15 November 2009 - 07:01 PM

Hi samoyed,

Like I said before, your computer will start slowing and lagging because you have little hard drive space left, you could try going through the steps here to see if this helps.



Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
    O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\YouTube Uploader.lnk = C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=-
    "C:\Program Files\BitComet\BitComet.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\Grisoft\AVG7\avginet.exe"=-
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"=-
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"=-
    "C:\Program Files\Pennytel\Pennytel.exe"=-
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Then please post back here with the OTL logs.

Thanks

unite.jpg


#13 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 20 November 2009 - 06:41 AM

Hi Syler,

See below. Cheers

All processes killed
Error: Unable to interpret <IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\YouTube Uploader.lnk = C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pennytel\Pennytel.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adelene
->Temp folder emptied: 320207956 bytes
->Temporary Internet Files folder emptied: 9250908 bytes
->Java cache emptied: 23638155 bytes
->FireFox cache emptied: 52967332 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: [YOUR WINDOWS USERNAME]

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 859152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 181581 bytes
RecycleBin emptied: 19155439 bytes

Total Files Cleaned = 406.55 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11202009_210112

Files\Folders moved on Reboot...
C:\Documents and Settings\Adelene\Local Settings\Temp\~DF22BC.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01f50.TMP not found!

Registry entries deleted on Reboot...





OTL logfile created on: 20/11/2009 9:15:48 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Adelene\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.05 Mb Total Physical Memory | 69.79 Mb Available Physical Memory | 13.68% Memory free
1.22 Gb Paging File | 0.63 Gb Available in Paging File | 51.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 4.35 Gb Free Space | 11.67% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 8.20 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 488.83 Mb Total Space | 53.53 Mb Free Space | 10.95% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D490A4A453
Current User Name: Adelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 21:14:27 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/13 18:50:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
PRC - [2009/11/07 07:42:26 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgtray.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/01 15:58:04 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgrsx.exe
PRC - [2009/09/01 15:58:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgcsrvx.exe
PRC - [2009/09/01 15:57:53 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgnsx.exe
PRC - [2009/09/01 15:57:28 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgemc.exe
PRC - [2009/09/01 15:57:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgwdsvc.exe
PRC - [2009/06/25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/02/22 11:00:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 20:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/06 20:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 17:05:38 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/16 16:55:42 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/14 10:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 17:05:37 | 00,217,088 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2006/08/23 19:36:55 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/19 14:19:00 | 00,331,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updnavi.exe
PRC - [2005/09/06 21:39:08 | 14,850,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/27 08:45:22 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2005/08/10 03:53:06 | 00,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005/08/01 22:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/21 08:23:56 | 00,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
PRC - [2005/07/01 17:58:00 | 00,088,201 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/06/06 15:23:08 | 01,183,744 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005/06/03 09:15:54 | 00,725,082 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/05/19 21:21:00 | 00,040,960 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\s3hotkey.exe
PRC - [2005/03/25 07:43:28 | 00,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005/03/25 07:41:56 | 00,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005/02/26 03:13:54 | 00,069,632 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2004/08/04 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/11/14 17:08:42 | 00,294,912 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\WinPoET Broadband Connection\WinPPPoverEthernet.exe
PRC - [2002/10/28 17:36:12 | 00,094,255 | R--- | M] (iVasion, a Routerware Company) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe


========== Modules (SafeList) ==========

MOD - [2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
MOD - [2008/04/14 10:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 10:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/01 15:57:28 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgemc.exe -- (avg8emc)
SRV - [2009/09/01 15:57:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8.5\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/22 11:00:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99489d7662a4)
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 17:05:38 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/04/14 10:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/26 16:12:42 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/07/09 18:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/24 11:32:01 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/08/27 08:45:22 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/04/06 18:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2005/01/31 12:41:00 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/01/06 00:27:12 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/28 17:36:12 | 00,094,255 | R--- | M] (iVasion, a Routerware Company) -- C:\Program Files\WinPoET Broadband Connection\WROS.exe -- (WinPPPoverEthernet)


========== Driver Services (SafeList) ==========

DRV - [2009/10/10 20:04:08 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/10 20:04:08 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/09/01 15:58:03 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 15:58:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/04 11:25:22 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/09 08:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/21 05:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/13 16:23:56 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 04:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 04:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 04:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 04:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/14 04:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 02:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/20 17:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/01/07 13:36:16 | 02,216,064 | ---- | M] (IntelŪ Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/24 01:52:00 | 00,667,648 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\drivers\S3G700m.sys -- (S3G700)
DRV - [2005/09/07 01:25:06 | 03,959,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/08/23 12:07:56 | 00,116,669 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005/08/03 19:21:00 | 01,094,853 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/01 22:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 22:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 22:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 22:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 22:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 22:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 22:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 20:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/09 08:06:50 | 00,034,176 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2005/07/08 02:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/08 02:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 22:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/08 14:07:00 | 01,050,140 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/03 09:02:22 | 00,190,080 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/31 17:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 11:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 16:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 16:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 16:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/04/08 10:28:04 | 00,023,168 | ---- | M] (O2 Micro ) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/04/06 09:38:32 | 00,132,352 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/25 19:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/03/25 07:41:56 | 00,021,120 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/01/08 10:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/16 18:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/10/19 15:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 23:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/04 08:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/03/02 19:37:50 | 00,125,184 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 19:37:48 | 00,005,504 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/01/17 22:15:00 | 00,004,864 | R--- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2004/01/06 00:27:14 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/01/06 00:27:12 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/01/06 00:27:12 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/07/29 23:22:38 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/15 12:35:56 | 00,007,808 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\FJGPNV.SYS -- (FJGPNV)
DRV - [2002/10/28 17:42:56 | 00,065,604 | R--- | M] () -- C:\WINDOWS\system32\drivers\WrKPoETNic2000.sys -- (WRSWanDD)
DRV - [2002/10/28 17:42:34 | 00,053,046 | R--- | M] () -- C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys -- (WrKPoET2000)
DRV - [2001/08/18 07:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 07:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 07:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 07:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 06:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 06:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 06:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 06:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 06:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 06:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 06:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 06:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 06:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 06:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)
DRV - [2001/08/01 08:00:22 | 00,005,248 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [1999/11/19 11:20:00 | 00,003,872 | ---- | M] (FUJITSU LIMITED.) -- C:\WINDOWS\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/Bible-Studies-and-Devotions.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8.5\Firefox [2009/11/07 07:45:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8.5\Toolbar\Firefox\avg@igeared [2009/10/10 14:52:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/25 10:07:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/07 07:44:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 19:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 23:47:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/13 18:50:33 | 00,000,000 | ---D | M]

[2009/03/10 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Extensions
[2009/03/10 19:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/19 23:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Firefox\Profiles\ytfmcmf0.default\extensions
[2009/11/19 23:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Firefox\Profiles\ytfmcmf0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/19 23:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/13 18:50:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/07 07:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/13 18:50:25 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/13 18:50:25 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 18:50:27 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/21 19:34:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/21 19:34:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/10 14:53:19 | 00,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/21 19:34:19 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/21 19:34:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/21 19:34:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/21 19:34:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/21 19:34:19 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8.5\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8.5\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [a-winpoet-service] C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S3Hotkey] C:\WINDOWS\System32\s3hotkey.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\YouTube Uploader.lnk = C:\Documents and Settings\Adelene\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1153894173578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://interactivebrokers.webex.com/client...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8.5\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/01 05:42:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 21:01:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/19 23:44:40 | 02,959,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[2009/11/19 23:19:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Adelene\PrivacIE
[2009/11/11 21:46:07 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2009/11/10 22:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/07 10:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/07 10:34:34 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/07 10:20:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Adelene\Recent
[2009/11/07 07:58:48 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/07 07:58:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/07 07:58:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/31 00:51:10 | 00,393,216 | ---- | C] (Prophet.Net) -- C:\WINDOWS\System32\ProphetConnect4.ocx
[2009/10/31 00:51:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\Application Data\DTLink Software
[2009/10/29 23:02:54 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Adelene\Desktop\RootRepeal.exe
[2009/10/25 10:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\DoctorWeb
[2009/10/25 10:21:36 | 19,506,128 | ---- | C] (Doctor Web, Ltd.) -- C:\Program Files\97znclm6.exe
[2009/10/25 10:21:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adelene\My Documents\Downloads
[2009/08/15 15:01:39 | 08,050,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.2.exe
[2009/08/01 11:37:53 | 14,100,376 | ---- | C] ( ) -- C:\Program Files\klcodec495f.exe
[2009/06/11 10:11:18 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2009/06/08 11:54:26 | 00,860,471 | ---- | C] (6XGate Incorporated ) -- C:\Program Files\FirefoxPreloaderSetup.exe
[2009/04/22 14:58:33 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/02/24 10:55:02 | 01,707,190 | ---- | C] (hz ) -- C:\Program Files\noki-v1.7-setup.exe
[2009/02/22 10:46:03 | 00,547,472 | ---- | C] (Google Inc.) -- C:\Program Files\GearsSetup.exe
[2009/02/02 11:16:43 | 03,171,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup216.exe
[2009/01/26 17:10:58 | 03,131,928 | ---- | C] (Piriform Ltd) -- C:\Program Files\rcsetup122.exe
[2009/01/11 14:43:08 | 05,969,801 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\Free3GPVideoConverter.exe
[2009/01/10 19:02:45 | 01,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008/12/15 11:11:13 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[2008/12/05 12:50:18 | 02,538,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/10/27 11:47:06 | 07,824,960 | ---- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe
[2008/05/25 18:31:45 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/02/25 14:12:23 | 00,224,264 | ---- | C] (Google Inc.) -- C:\Program Files\YouTubeUploaderSetup.exe
[2006/08/01 13:43:23 | 15,272,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe

========== Files - Modified Within 30 Days ==========

[2009/11/20 21:08:38 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/11/20 21:07:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/20 21:04:56 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/20 21:04:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/20 21:04:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/20 21:03:10 | 10,223,616 | ---- | M] () -- C:\Documents and Settings\Adelene\ntuser.dat
[2009/11/20 21:02:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Adelene\ntuser.ini
[2009/11/20 20:31:14 | 45,484,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/20 20:31:14 | 00,095,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/19 23:46:15 | 02,959,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[2009/11/19 20:28:20 | 00,130,777 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Pennytel 19-11-2009.JPG
[2009/11/19 20:10:04 | 00,093,265 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Naturalis Receipt.JPG
[2009/11/19 20:09:05 | 00,103,308 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Naturalis Order.JPG
[2009/11/14 10:33:11 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Project Administrator PD.doc
[2009/11/14 10:20:07 | 00,002,667 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Kaspersky.html
[2009/11/13 19:22:13 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Marketing Proposal - Monte Carlo & Platinum.doc
[2009/11/12 23:38:30 | 00,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/12 20:36:12 | 01,093,350 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\OpQuestInst.pdf
[2009/11/11 21:46:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2009/11/11 20:33:52 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/11 20:33:52 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/10 20:28:27 | 00,033,539 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Recipes - Shrimp Crystal Spring Rolls Recipe (Banh Cuon Tom Viet Nam).pdf
[2009/11/08 20:00:37 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\qyipgqtg.exe
[2009/11/07 10:34:16 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\RSIT.exe
[2009/11/07 09:59:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/06 03:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/31 00:23:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/31 00:03:02 | 10,677,776 | ---- | M] () -- C:\Program Files\StockStreamer973CI_install.exe
[2009/10/30 23:18:13 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trader Workstation 4.0.LNK
[2009/10/30 23:18:13 | 00,000,042 | ---- | M] () -- C:\WINDOWS\ib.ini
[2009/10/29 23:04:37 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\settings.dat
[2009/10/29 23:03:06 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Adelene\Desktop\RootRepeal.exe
[2009/10/29 22:58:56 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2009/10/25 16:12:59 | 00,194,048 | ---- | M] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 10:36:36 | 19,506,128 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\97znclm6.exe
[2009/10/22 19:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 19:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2009/11/19 20:28:20 | 00,130,777 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Pennytel 19-11-2009.JPG
[2009/11/19 20:10:04 | 00,093,265 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Naturalis Receipt.JPG
[2009/11/19 20:09:05 | 00,103,308 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Naturalis Order.JPG
[2009/11/14 10:33:00 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Project Administrator PD.doc
[2009/11/14 10:20:07 | 00,002,667 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Kaspersky.html
[2009/11/12 22:25:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Marketing Proposal - Monte Carlo & Platinum.doc
[2009/11/12 20:36:10 | 01,093,350 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\OpQuestInst.pdf
[2009/11/10 20:26:28 | 00,033,539 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Recipes - Shrimp Crystal Spring Rolls Recipe (Banh Cuon Tom Viet Nam).pdf
[2009/11/08 20:00:33 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\qyipgqtg.exe
[2009/11/07 10:34:00 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\RSIT.exe
[2009/10/30 23:55:47 | 10,677,776 | ---- | C] () -- C:\Program Files\StockStreamer973CI_install.exe
[2009/10/29 23:03:19 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\settings.dat
[2009/10/29 22:58:50 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2009/08/01 12:33:21 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/01 12:33:20 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/01 12:33:16 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/01 12:33:15 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/01 12:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/01 12:33:11 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/01 12:33:11 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/10 10:23:39 | 08,679,338 | ---- | C] () -- C:\Program Files\qtsetup.exe
[2009/04/10 14:44:21 | 00,015,293 | ---- | C] () -- C:\Documents and Settings\Adelene\Application Data\NMM-MetaData.db
[2009/03/21 11:49:09 | 01,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
[2009/02/24 21:23:45 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\keyfile3.drm
[2009/02/17 16:18:10 | 00,000,436 | ---- | C] () -- C:\WINDOWS\cedocida.ini
[2009/02/12 12:40:27 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\cedocida.dll
[2009/02/03 10:15:26 | 05,966,368 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/01/13 20:09:31 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2009/01/13 20:06:15 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 20:06:15 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 20:06:15 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 20:06:15 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 20:06:15 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 20:06:15 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/13 17:11:01 | 05,300,208 | ---- | C] () -- C:\Program Files\bitcomet_setup.exe
[2008/12/22 14:43:08 | 00,267,152 | ---- | C] () -- C:\Program Files\zaSetup_en.exe
[2008/12/13 10:13:49 | 01,529,241 | ---- | C] () -- C:\Program Files\SDFix.exe
[2008/09/23 16:46:41 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2008/09/23 15:59:11 | 35,960,912 | ---- | C] () -- C:\Program Files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
[2008/07/21 16:24:45 | 00,001,850 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2008/02/28 15:26:59 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/11/15 18:58:47 | 00,065,604 | R--- | C] () -- C:\WINDOWS\System32\drivers\WrKPoETNic2000.sys
[2007/11/13 14:44:59 | 00,245,760 | ---- | C] () -- C:\WINDOWS\ddedll.dll
[2007/11/13 14:42:32 | 03,201,772 | ---- | C] () -- C:\Program Files\InstallAX.exe
[2007/11/09 16:38:09 | 02,221,056 | ---- | C] () -- C:\Program Files\Pennytel_Setup.msi
[2007/10/25 10:26:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/19 12:59:52 | 02,788,800 | ---- | C] () -- C:\Program Files\FCSetup.exe
[2007/08/06 12:45:28 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/08/06 12:36:21 | 00,001,946 | R--- | C] () -- C:\WINDOWS\System32\D064UFW.INI
[2007/05/20 21:55:28 | 00,475,790 | ---- | C] () -- C:\Program Files\Autoruns.zip
[2007/04/13 02:00:21 | 00,132,847 | ---- | C] () -- C:\Program Files\customess1[1].0-rc2(www.mess.be).zip
[2006/12/30 14:34:13 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/12/30 09:25:44 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\fusioncache.dat
[2006/12/04 20:32:45 | 00,087,160 | ---- | C] () -- C:\Documents and Settings\Adelene\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/17 02:46:04 | 00,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/08 21:08:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NokiaContentCopier.INI
[2006/10/02 18:42:51 | 00,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2006/09/27 21:46:24 | 00,194,048 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 16:26:26 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/08 10:33:20 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/08 10:31:27 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006/09/08 10:27:13 | 00,001,359 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/09/08 10:27:13 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/09/08 10:27:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/08/29 11:46:56 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/28 23:50:04 | 04,135,298 | -H-- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\IconCache.db
[2006/08/23 13:35:49 | 00,905,728 | ---- | C] () -- C:\Program Files\iview398.exe
[2006/08/11 23:48:04 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/08/11 21:08:31 | 00,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2006/08/11 21:08:31 | 00,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2006/08/11 20:31:39 | 10,904,644 | ---- | C] () -- C:\Program Files\tws40_install.exe
[2006/08/04 18:30:02 | 00,087,160 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/04 18:30:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Adelene\Application Data\desktop.ini
[2006/07/27 16:48:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/26 21:02:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/07/26 16:15:19 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/07/26 16:15:19 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/07/26 00:35:57 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/07 02:13:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/07 01:43:40 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2006/01/07 01:35:20 | 02,406,912 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_clb.dll
[2005/10/08 13:50:29 | 00,000,379 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/08 13:46:49 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/10/08 13:39:53 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/10/01 10:13:22 | 00,002,869 | ---- | C] () -- C:\WINDOWS\System32\FJSaver.ini
[2005/09/30 22:33:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/24 19:57:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/19 23:58:39 | 00,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/19 23:58:10 | 00,024,621 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/19 23:58:06 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/05/16 09:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 23:19:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2001/11/05 10:41:20 | 00,000,101 | ---- | C] () -- C:\Program Files\Setup.ini
[2001/11/05 10:39:52 | 00,431,605 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2001/11/05 10:39:52 | 00,075,181 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2001/11/05 10:39:52 | 00,011,149 | ---- | C] () -- C:\Program Files\DATA1.HDR
[2001/11/05 10:39:52 | 00,000,417 | ---- | C] () -- C:\Program Files\LAYOUT.BIN
[2001/10/19 10:38:38 | 00,129,990 | ---- | C] () -- C:\Program Files\Setup.inx
[2001/04/12 08:29:16 | 00,340,866 | ---- | C] () -- C:\Program Files\IKERNEL.EX_

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 21 November 2009 - 06:00 PM

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremley important to keep windows upto date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :(
Syler

unite.jpg


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:18 AM

Posted 22 November 2009 - 07:52 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users