Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Vundo.h - Need Help


  • This topic is locked This topic is locked
13 replies to this topic

#1 Weretree112

Weretree112

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 18 February 2010 - 02:14 AM

I got attacked yesterday, and while most of the infections seemed to have been removed, this trojan just won't go away.
I have a log of my last Malwarebyte's Anti-Malware scan right here, and a HijackThis log as well. Please help in any way you can.

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.13

2/18/2010 1:10:05 AM
mbam-log-2010-02-18 (01-10-00).txt

Scan type: Quick Scan
Objects scanned: 123309
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sapedipu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:10:42, on 2/18/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\GameTracker\GSInGameService.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~2\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam2.exe
C:\Documents and Settings\Administrator\Desktop\gmer.exe
C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {db63df7b-c202-44e2-821e-35ab825012bb} - sapedipu.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1216191606651
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: avgwlx64 - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 22390 bytes


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 20 February 2010 - 01:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 21 February 2010 - 12:45 AM

Here are the results from the scan.

OTL logfile created on: 2/20/2010 11:23:01 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 91.13 Gb Free Space | 30.57% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 149.61 Gb Free Space | 97.55% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-LVF9QNX8VY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/18 15:13:39 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/01/08 17:46:12 | 000,462,848 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
PRC - [2009/12/13 08:16:12 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/17 23:10:04 | 000,189,104 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
PRC - [2009/09/11 12:33:48 | 018,717,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/08/28 20:54:36 | 000,075,064 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2009/08/27 07:15:06 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/27 07:14:56 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/27 07:14:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:34:07 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 10:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 11:42:00 | 000,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
PRC - [2009/02/06 13:49:40 | 002,354,016 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/17 00:52:32 | 000,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/12/16 14:42:19 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/09/25 08:00:46 | 000,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/07/28 01:44:48 | 004,231,168 | ---- | M] (Gabest) -- C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,052,224 | ---- | M] () -- C:\WINDOWS\SysWOW64\sapedipu.dll
MOD - [2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/06/17 00:52:32 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Administrator\Local Settings\Temp\IadHide5.dll
MOD - [2008/05/02 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008/05/02 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2007/02/18 10:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 10:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2007/02/18 10:05:22 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2005/03/25 06:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/18 11:07:14 | 000,227,872 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/12/18 11:07:12 | 000,732,704 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2008/05/02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/17 23:10:04 | 000,189,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/08/28 20:54:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/08/27 07:14:56 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/27 07:14:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/21 10:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/30 11:42:00 | 000,425,080 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/02/06 13:49:40 | 002,354,016 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2008/07/25 09:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 09:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/09/25 08:00:46 | 000,574,808 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/25 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)


========== Driver Services (SafeList) ==========

DRV - [2008/11/12 17:47:32 | 000,010,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\Hmonitor.sys -- (hmonitor)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/07/22 22:44:50 | 000,123,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/07/22 22:43:56 | 000,104,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005/07/22 22:43:34 | 000,028,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2005/03/25 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\S-1-5-21-3749467307-3926411254-2698210063-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/27 01:52:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/18 23:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/18 15:13:41 | 000,000,000 | ---D | M]

[2008/07/15 22:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/19 11:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sr7laa1h.default\extensions
[2010/02/19 11:57:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmozax.dll
[2008/07/15 04:35:44 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {db63df7b-c202-44e2-821e-35ab825012bb} - C:\WINDOWS\SysWow64\sapedipu.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files (x86)\Windows Desktop Search\WindowsSearch.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O15:64bit: - ..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1216191580931 (WUWebControl Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1216191606651 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.211.13.3 66.211.13.4
O18:64bit: - Protocol\Handler\bw+0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw+0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw-0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw00 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw00s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw-0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw10 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw10s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw20 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw20s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw30 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw30s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw40 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw40s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw50 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw50s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw60 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw60s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw70 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw70s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw80 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw80s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw90 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw90s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwa0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwa0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwb0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwb0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwc0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwc0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwd0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwd0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwe0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwe0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwf0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwf0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwg0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwg0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwh0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwh0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwi0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwi0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwj0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwj0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwk0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwk0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwl0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwl0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwm0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwm0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwn0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwn0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwo0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwo0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwp0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwp0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwq0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwq0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwr0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwr0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bws0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bws0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwt0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwt0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwu0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwu0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwv0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwv0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bww0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bww0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwx0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwx0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwy0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwy0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwz0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwz0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\offline-8876480 {AB00702B-5E4B-414A-86BC-9328B85C500E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\bw+0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/09 16:59:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/16 00:18:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 04:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 13:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell - "" = AutoRun
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\SysWow64\lsdelete.exe ()
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2008/07/23 11:32:14 | 000,000,000 | ---D | M]


SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: sermouse.sys - Driver
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: wd.sys - Driver
SafeBootMin:64bit: WdfLoadGroup -
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: wd.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: sermouse.sys - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: UploadMgr - Service
SafeBootNet:64bit: WdfLoadGroup -
SafeBootNet:64bit: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32:64bit: aux - wdmaud.drv File not found
Drivers32:64bit: midi - wdmaud.drv File not found
Drivers32:64bit: midimapper - midimap.dll File not found
Drivers32:64bit: mixer - wdmaud.drv File not found
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm File not found
Drivers32:64bit: msacm.msadpcm - msadp32.acm File not found
Drivers32:64bit: msacm.msg711 - msg711.acm File not found
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm File not found
Drivers32:64bit: msacm.trspch - tssoft32.acm File not found
Drivers32:64bit: vidc.i420 - msh263.drv File not found
Drivers32:64bit: vidc.iv31 - ir32_32.dll File not found
Drivers32:64bit: vidc.iv32 - ir32_32.dll File not found
Drivers32:64bit: vidc.iv41 - ir41_32.ax File not found
Drivers32:64bit: vidc.iv50 - ir50_32.dll File not found
Drivers32:64bit: vidc.iyuv - iyuv_32.dll File not found
Drivers32:64bit: vidc.mrle - msrle32.dll File not found
Drivers32:64bit: vidc.msvc - msvidc32.dll File not found
Drivers32:64bit: vidc.uyvy - msyuv.dll File not found
Drivers32:64bit: vidc.yuy2 - msyuv.dll File not found
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll File not found
Drivers32:64bit: vidc.yvyu - msyuv.dll File not found
Drivers32:64bit: wave - wdmaud.drv File not found
Drivers32:64bit: wavemapper - msacm32.drv File not found
Drivers32: msacm.iac2 - C:\WINDOWS\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\SysWow64\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\SysWow64\xfcodec.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 23:20:38 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/18 06:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/02/17 21:38:02 | 002,180,256 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher64.exe
[2010/02/17 19:13:50 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/17 19:13:50 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/17 19:13:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/17 18:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IceSword122en
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/02/17 18:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/17 18:43:10 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/02/17 18:42:52 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\o4Patch.exe
[2010/02/17 18:42:52 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\Agent.OMZ.Fix.exe
[2010/02/17 18:42:51 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\VACFix.exe
[2010/02/17 18:42:51 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.C.exe
[2010/02/17 18:42:51 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\404Fix.exe
[2010/02/17 18:42:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.exe
[2010/02/17 18:42:49 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\VCCLSID.exe
[2010/02/17 18:42:49 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swxcacls.exe
[2010/02/17 18:42:48 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\SrchSTS.exe
[2010/02/17 18:42:47 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swreg.exe
[2010/02/17 18:42:47 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\SysWow64\Process.exe
[2010/02/17 18:40:34 | 034,870,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdasetup_aff.exe
[2010/02/17 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/02/17 16:27:45 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup228.exe
[2010/02/17 16:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
[2010/02/17 16:04:07 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010/02/17 12:33:35 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Administrator\Desktop\STOPzilla_Setup.exe
[2010/02/10 10:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Naruto
[2009/08/29 20:36:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,066,048 | -HS- | M] () -- C:\WINDOWS\SysWow64\bubijaze.dll
[2099/01/01 12:00:00 | 000,052,224 | ---- | M] () -- C:\WINDOWS\SysWow64\sapedipu.dll
[2010/02/20 23:25:40 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\SysWow64\gujewubi
[2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/20 15:59:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/18 10:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\bzthkqwk.job
[2010/02/18 01:00:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\uhvcrdnt.job
[2010/02/18 00:57:20 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/02/18 00:56:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/18 00:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/18 00:53:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 00:52:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 00:51:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/18 00:49:50 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/02/18 00:43:31 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/17 22:11:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/17 22:06:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/02/17 22:04:27 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/17 21:42:55 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/02/17 21:38:33 | 002,180,256 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher64.exe
[2010/02/17 18:52:54 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/17 18:51:29 | 034,870,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdasetup_aff.exe
[2010/02/17 18:47:52 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IceSword122en.zip
[2010/02/17 18:43:34 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysWow64\tmp.reg
[2010/02/17 18:43:10 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/02/17 18:31:52 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[2010/02/17 18:21:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/17 18:21:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/17 18:11:37 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2010/02/17 18:09:33 | 000,252,343 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WUS_Fix.exe
[2010/02/17 18:05:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/17 18:05:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/17 16:35:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/02/17 16:33:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/02/17 16:33:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/02/17 16:29:14 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup228.exe
[2010/02/17 16:13:51 | 001,826,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip
[2010/02/17 16:11:45 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/02/17 16:03:56 | 000,116,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\delrepwv_en.exe
[2010/02/17 15:59:51 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 15:54:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/17 15:54:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/17 13:40:34 | 000,001,111 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/17 12:33:36 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Administrator\Desktop\STOPzilla_Setup.exe
[2010/02/14 21:40:19 | 003,540,745 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lone Wolf.mp3
[2010/02/14 20:11:28 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Eastern Relgions Paper.doc
[2010/02/11 22:25:27 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Sociology Writing Assignment 1.doc
[2010/02/11 20:47:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/11 20:47:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/10 17:04:30 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 23:21:11 | 007,500,877 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Final_Fantasy_7_Aire_Tam_Break_OC_ReMix.mp3
[2010/02/08 21:23:38 | 000,003,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram23.cpp
[2010/02/08 14:44:08 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram6.cpp
[2010/01/30 22:41:08 | 004,162,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\awesome.zip
[2010/01/25 02:31:07 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,066,048 | -HS- | C] () -- C:\WINDOWS\SysWow64\bubijaze.dll
[2099/01/01 12:00:00 | 000,052,224 | ---- | C] () -- C:\WINDOWS\SysWow64\sapedipu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\SysWow64\gujewubi
[2010/02/18 09:36:29 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\bzthkqwk.job
[2010/02/18 00:49:49 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/02/18 00:41:15 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/17 22:11:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/17 22:06:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/02/17 22:05:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/02/17 22:04:22 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/17 21:42:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/02/17 19:13:50 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/17 19:13:50 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/17 19:13:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/17 19:13:50 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/17 19:13:50 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/17 18:52:54 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/17 18:46:56 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IceSword122en.zip
[2010/02/17 18:43:34 | 000,002,342 | ---- | C] () -- C:\WINDOWS\SysWow64\tmp.reg
[2010/02/17 18:42:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\SysWow64\WS2Fix.exe
[2010/02/17 18:42:48 | 000,051,200 | ---- | C] () -- C:\WINDOWS\SysWow64\dumphive.exe
[2010/02/17 18:42:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\swsc.exe
[2010/02/17 18:31:22 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[2010/02/17 18:11:37 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2010/02/17 18:09:31 | 000,252,343 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WUS_Fix.exe
[2010/02/17 16:13:17 | 001,826,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip
[2010/02/17 16:03:56 | 000,116,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\delrepwv_en.exe
[2010/02/14 21:38:36 | 003,540,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lone Wolf.mp3
[2010/02/14 20:14:45 | 009,523,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\01 - JAP.mp3
[2010/02/14 20:11:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Eastern Relgions Paper.doc
[2010/02/11 21:58:12 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Sociology Writing Assignment 1.doc
[2010/02/08 23:15:56 | 007,500,877 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Final_Fantasy_7_Aire_Tam_Break_OC_ReMix.mp3
[2010/02/07 17:16:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram6.cpp
[2010/02/05 13:56:05 | 000,003,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram23.cpp
[2010/01/26 16:56:38 | 004,162,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\awesome.zip
[2010/01/25 02:31:07 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2009/09/21 10:03:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2009/06/18 22:38:00 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/06/10 07:38:20 | 001,507,328 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2009/06/10 07:38:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2008/12/23 16:20:23 | 000,001,111 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/21 04:48:24 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2008/11/16 03:25:39 | 000,010,024 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\Hmonitor.sys
[2008/10/29 19:25:14 | 000,042,320 | ---- | C] () -- C:\WINDOWS\SysWow64\xfcodec.dll
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2008/10/05 22:01:30 | 000,000,258 | ---- | C] () -- C:\WINDOWS\MicroCase.INI
[2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2008/04/07 13:26:00 | 000,000,044 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/20 10:06:27 | 000,654,620 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/08/20 08:20:53 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/19 20:19:50 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/13 14:11:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 17:22:20 | 000,000,328 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/07/15 16:13:43 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/07/09 17:34:32 | 000,001,958 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/09 17:18:36 | 000,010,288 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2005/03/25 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll

========== Custom Scans ==========


< CODE >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/02/18 10:05:48 | 000,151,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\scrrun.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:AGP440.sys
[2007/02/16 23:03:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\WINDOWS\ServicePackFiles\amd64\agp440.sys
[2005/03/24 16:11:56 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=E089A8D56B08A7A79561EB3180ADA769 -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:atapi.sys
[2005/03/25 06:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/02/16 23:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/03/25 06:00:00 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007/02/16 23:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\WINDOWS\ServicePackFiles\amd64\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/02/18 10:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 10:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 06:00:00 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2007/02/16 23:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\WINDOWS\ServicePackFiles\amd64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/16 23:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\WINDOWS\ServicePackFiles\amd64\scecli.dll
[2005/03/25 06:00:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/02/18 10:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 10:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 2/20/2010 11:23:01 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 91.13 Gb Free Space | 30.57% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 149.61 Gb Free Space | 97.55% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-LVF9QNX8VY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = C:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword -- (Firaxis Games)
"C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)
"C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ -- (Splash Damage, Ltd.)
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG8\avgemc.exe" = C:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files (x86)\THQ\Company of Heroes - Opposing Fronts Demo\RelicCOH.exe" = C:\Program Files (x86)\THQ\Company of Heroes - Opposing Fronts Demo\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts Demo -- (THQ Canada Inc.)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:SpybotSD -- (Safer Networking Limited)
"C:\Program Files (x86)\Java\jre6\bin\jusched.exe" = C:\Program Files (x86)\Java\jre6\bin\jusched.exe:*:Enabled:jusched -- (Sun Microsystems, Inc.)
"C:\Program Files (x86)\a-squared Free\a2service.exe" = C:\Program Files (x86)\a-squared Free\a2service.exe:*:Enabled:a2service -- (Emsi Software GmbH)
"C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe" = C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe:*:Enabled:mplayerc -- (Gabest)
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer -- (Safer Networking Limited)
"C:\Program Files (x86)\Steam\SteamApps\common\freedom force vs. the 3rd reich\ffvt3r.exe" = C:\Program Files (x86)\Steam\SteamApps\common\freedom force vs. the 3rd reich\ffvt3r.exe:*:Enabled:Freedom Force vs. the 3rd Reich -- (Irrational Games)
"C:\Program Files (x86)\Steam\SteamApps\common\freedom force\fforce.exe" = C:\Program Files (x86)\Steam\SteamApps\common\freedom force\fforce.exe:*:Enabled:Freedom Force -- (Irrational Games)
"C:\Program Files (x86)\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts -- (Double Fine Productions, Inc.)
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FarCry2.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2Editor.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2Editor.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2BenchmarkTool.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2BenchmarkTool.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2ServerLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe" = C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Program Files (x86)\Steam\SteamApps\common\dragon age orgins character creator\DAOriginsLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\dragon age orgins character creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Character Creator -- (BioWare)
"C:\Program Files (x86)\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files (x86)\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\Program Files (x86)\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files (x86)\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owjllc.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owjllc.exe:*:Enabled:owjllc -- File not found
"C:\WINDOWS\SysWOW64\smss32.exe" = C:\WINDOWS\SysWOW64\smss32.exe:*:Enabled:smss32 -- File not found
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" = C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe:*:Enabled:daemon -- (DT Soft Ltd)
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe" = C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe:*:Enabled:SetPoint32 -- ()
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Grisoft\AVG7\avginet.exe" = C:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe" = C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword -- (Firaxis Games)
"C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)
"C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Program Files (x86)\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ -- (Splash Damage, Ltd.)
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG8\avgemc.exe" = C:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files (x86)\THQ\Company of Heroes - Opposing Fronts Demo\RelicCOH.exe" = C:\Program Files (x86)\THQ\Company of Heroes - Opposing Fronts Demo\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts Demo -- (THQ Canada Inc.)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:SpybotSD -- (Safer Networking Limited)
"C:\Program Files (x86)\Java\jre6\bin\jusched.exe" = C:\Program Files (x86)\Java\jre6\bin\jusched.exe:*:Enabled:jusched -- (Sun Microsystems, Inc.)
"C:\Program Files (x86)\a-squared Free\a2service.exe" = C:\Program Files (x86)\a-squared Free\a2service.exe:*:Enabled:a2service -- (Emsi Software GmbH)
"C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe" = C:\Program Files (x86)\Combined Community Codec Pack\MPC\mplayerc.exe:*:Enabled:mplayerc -- (Gabest)
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer -- (Safer Networking Limited)
"C:\Program Files (x86)\Steam\SteamApps\common\freedom force vs. the 3rd reich\ffvt3r.exe" = C:\Program Files (x86)\Steam\SteamApps\common\freedom force vs. the 3rd reich\ffvt3r.exe:*:Enabled:Freedom Force vs. the 3rd Reich -- (Irrational Games)
"C:\Program Files (x86)\Steam\SteamApps\common\freedom force\fforce.exe" = C:\Program Files (x86)\Steam\SteamApps\common\freedom force\fforce.exe:*:Enabled:Freedom Force -- (Irrational Games)
"C:\Program Files (x86)\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts -- (Double Fine Productions, Inc.)
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FarCry2.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2Editor.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2Editor.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2BenchmarkTool.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2BenchmarkTool.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2ServerLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\far cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe" = C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Program Files (x86)\Steam\SteamApps\common\dragon age orgins character creator\DAOriginsLauncher.exe" = C:\Program Files (x86)\Steam\SteamApps\common\dragon age orgins character creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Character Creator -- (BioWare)
"C:\Program Files (x86)\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files (x86)\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\Program Files (x86)\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files (x86)\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owjllc.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owjllc.exe:*:Enabled:owjllc -- File not found
"C:\WINDOWS\SysWOW64\smss32.exe" = C:\WINDOWS\SysWOW64\smss32.exe:*:Enabled:smss32 -- File not found
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" = C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe:*:Enabled:daemon -- (DT Soft Ltd)
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe" = C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe:*:Enabled:SetPoint32 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA0AA91C-2C23-452C-B62F-70054E856AB8}" = Microsoft SQL Server VSS Writer
"{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Recuva" = Recuva
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{51A128D8-3F9E-48D6-A916-4E28184A15EC}" = Grandia2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7C08EEEC-8288-4C0E-BD1C-B8B9BEE360BD}" = TQVault
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A61A59E2-5499-4164-B588-470387E149C9}" = TQ Defiler.NET
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars™
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}" = Enemy Territory - QUAKE Wars™ 1.4 Patch
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Activision_HG2UninstallKey" = Heavy Gear 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 3.0
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"AVG8Uninstall" = AVG Free 8.5
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Company of Heroes - Opposing Fronts Demo" = Company of Heroes - Opposing Fronts Demo
"Demigod" = Demigod
"Download Manager" = Download Manager 2.3.6
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.2.7.1
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"FLAC" = FLAC 1.2.1b (remove only)
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Galactic Civilizations II" = Galactic Civilizations II
"GameTracker Lite" = GameTracker Lite
"Hardware sensors monitor 4.4_is1" = Hardware sensors monitor 4.4
"HijackThis" = HijackThis 2.0.2
"Impulse" = Impulse
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars™
"InstallShield_{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}" = Enemy Territory - QUAKE Wars™ 1.4 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PbWrdArt.exe" = Publisher WordArt Compatibility Add-In
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.60
"RealPlayer 6.0" = RealPlayer
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 19900" = Far Cry 2
"Steam App 21960" = Far Cry 2: Fortunes Pack
"Steam App 24920" = Dragon Age: Origins - Character Creator
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 3830" = Psychonauts
"Steam App 8880" = Freedom Force
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"Student ExplorIt -- CP" = Student ExplorIt -- CP
"SystemRequirementsLab" = System Requirements Lab
"Titan Quest" = Titan Quest
"Titan Quest: Immortal Throne" = Titan Quest: Immortal Throne
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3749467307-3926411254-2698210063-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JScreenFix deluxe" = JScreenFix deluxe
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2010 4:36:18 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 4:39:03 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 4:40:23 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 4:48:39 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 4:53:16 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 4:57:22 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 5:01:48 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/18/2010 5:06:54 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/19/2010 7:10:04 PM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

Error - 2/21/2010 1:20:55 AM | Computer Name = USER-LVF9QNX8VY | Source = Windows Search Service | ID = 3083
Description =

[ System Events ]
Error - 10/6/2009 7:35:28 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/6/2009 7:35:28 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/7/2009 10:37:14 AM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/7/2009 10:37:14 AM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/13/2009 5:39:43 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/13/2009 5:39:43 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/13/2009 5:42:25 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/13/2009 5:42:25 PM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/14/2009 11:52:11 AM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 10/14/2009 11:52:11 AM | Computer Name = USER-LVF9QNX8VY | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 21 February 2010 - 09:21 AM

Hi,

please run a scan with Malwarebytes next:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 21 February 2010 - 06:43 PM

Results:

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.13

2/21/2010 5:32:43 PM
mbam-log-2010-02-21 (17-32-43).txt

Scan type: Quick Scan
Objects scanned: 123643
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sahefumupu (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{077c7893-c176-4525-81a5-f53cbbc4b7e1}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,66.211.13.3 66.211.13.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9cac775-2322-4230-8a56-1e715308a49e}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pohazagu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waduyeka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zunipaje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6YXRONU3\yXuJpk2ML3MUpYJcT_wEQOReNGmcj_WSPpyp3r5sEVecKykGJGt8Agkrn8KH8vXxI_MOiG7ISkr7lAVof-JdvFCwiHJ0OmeZTOOfpdCeR2XuYBJTGAX8_9UGoUCc9WH7LkowWMvtFIBiW12VojQc[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 22 February 2010 - 11:07 AM

Hi,

that is looking rather promising. How is the PC doing?

Please also post a fresh log form OTL.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 22 February 2010 - 03:31 PM

Nothing really has been going on with the PC. My searches haven't been redirected like before and I haven't noticed any fake antivirus things popping up, but I haven't had the computer connected to the internet for most of the weekend. Every time I scan the computer with malwarebyte's there is always a few cases of vundo.h however.



TL logfile created on: 2/22/2010 1:57:58 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 91.17 Gb Free Space | 30.59% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 149.61 Gb Free Space | 97.55% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-LVF9QNX8VY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/18 15:13:39 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/02/05 10:13:00 | 003,099,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/01/08 17:46:12 | 000,462,848 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2009/12/13 08:16:12 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/17 23:10:04 | 000,189,104 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
PRC - [2009/09/11 12:33:48 | 018,717,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/09/03 15:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2009/08/28 20:54:36 | 000,075,064 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2009/08/27 07:15:06 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/27 07:14:56 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/27 07:14:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:34:07 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 10:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
PRC - [2009/03/30 11:42:00 | 000,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
PRC - [2009/02/06 13:49:40 | 002,354,016 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/17 00:52:32 | 000,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/12/16 14:42:19 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/09/25 08:00:46 | 000,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,052,224 | ---- | M] () -- C:\WINDOWS\SysWOW64\sapedipu.dll
MOD - [2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/06/21 14:07:46 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\dnsapi.dll
MOD - [2008/06/17 00:52:32 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Administrator\Local Settings\Temp\IadHide5.dll
MOD - [2008/05/02 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008/05/02 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2007/02/18 10:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 10:06:02 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws03res.dll
MOD - [2007/02/18 10:05:44 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntshrui.dll
MOD - [2007/02/18 10:05:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdsapi.dll
MOD - [2007/02/18 10:05:40 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mstask.dll
MOD - [2007/02/18 10:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2007/02/18 10:05:34 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\linkinfo.dll
MOD - [2007/02/18 10:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007/02/18 10:05:22 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2005/03/25 06:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2005/03/25 06:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2help.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/18 11:07:14 | 000,227,872 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/12/18 11:07:12 | 000,732,704 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2008/05/02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/17 23:10:04 | 000,189,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/08/28 20:54:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/08/27 07:14:56 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/27 07:14:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/21 10:34:05 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/30 11:42:00 | 000,425,080 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/02/06 13:49:40 | 002,354,016 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2008/07/25 09:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 09:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/09/25 08:00:46 | 000,574,808 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/25 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)


========== Driver Services (SafeList) ==========

DRV - [2008/11/12 17:47:32 | 000,010,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\Hmonitor.sys -- (hmonitor)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/07/22 22:44:50 | 000,123,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/07/22 22:43:56 | 000,104,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005/07/22 22:43:34 | 000,028,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2005/03/25 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\S-1-5-21-3749467307-3926411254-2698210063-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/27 01:52:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/18 23:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/18 15:13:41 | 000,000,000 | ---D | M]

[2008/07/15 22:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/22 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sr7laa1h.default\extensions
[2010/02/22 12:29:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmozax.dll
[2008/07/15 04:35:44 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {db63df7b-c202-44e2-821e-35ab825012bb} - C:\WINDOWS\SysWow64\sapedipu.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [MsnMsgr] C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files (x86)\Windows Desktop Search\WindowsSearch.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysNative\nvLsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\nvLsp.dll (NVIDIA)
O15:64bit: - ..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3749467307-3926411254-2698210063-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1216191580931 (WUWebControl Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1216191606651 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\bw+0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw+0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw-0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw00 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw00s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw-0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw10 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw10s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw20 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw20s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw30 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw30s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw40 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw40s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw50 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw50s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw60 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw60s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw70 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw70s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw80 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw80s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw90 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bw90s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwa0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwa0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwb0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwb0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwc0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwc0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwd0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwd0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwe0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwe0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwf0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwf0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwg0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwg0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwh0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwh0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwi0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwi0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwj0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwj0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwk0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwk0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwl0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwl0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwm0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwm0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwn0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwn0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwo0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwo0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwp0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwp0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwq0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwq0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwr0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwr0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bws0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bws0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwt0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwt0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwu0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwu0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwv0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwv0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bww0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bww0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwx0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwx0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwy0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwy0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwz0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\bwz0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\offline-8876480 {AB00702B-5E4B-414A-86BC-9328B85C500E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\bw+0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {ab00702b-5e4b-414a-86bc-9328b85c500e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {AB00702B-5E4B-414A-86BC-9328B85C500E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/09 16:59:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/16 00:18:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 04:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 13:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell - "" = AutoRun
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6eb69fb-58a2-11dc-ad7b-00085445957e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\SysWow64\lsdelete.exe ()
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2008/07/23 11:32:14 | 000,000,000 | ---D | M]


SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: sermouse.sys - Driver
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: wd.sys - Driver
SafeBootMin:64bit: WdfLoadGroup -
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: wd.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: sermouse.sys - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: UploadMgr - Service
SafeBootNet:64bit: WdfLoadGroup -
SafeBootNet:64bit: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32:64bit: aux - wdmaud.drv File not found
Drivers32:64bit: midi - wdmaud.drv File not found
Drivers32:64bit: midimapper - midimap.dll File not found
Drivers32:64bit: mixer - wdmaud.drv File not found
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm File not found
Drivers32:64bit: msacm.msadpcm - msadp32.acm File not found
Drivers32:64bit: msacm.msg711 - msg711.acm File not found
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm File not found
Drivers32:64bit: msacm.trspch - tssoft32.acm File not found
Drivers32:64bit: vidc.i420 - msh263.drv File not found
Drivers32:64bit: vidc.iv31 - ir32_32.dll File not found
Drivers32:64bit: vidc.iv32 - ir32_32.dll File not found
Drivers32:64bit: vidc.iv41 - ir41_32.ax File not found
Drivers32:64bit: vidc.iv50 - ir50_32.dll File not found
Drivers32:64bit: vidc.iyuv - iyuv_32.dll File not found
Drivers32:64bit: vidc.mrle - msrle32.dll File not found
Drivers32:64bit: vidc.msvc - msvidc32.dll File not found
Drivers32:64bit: vidc.uyvy - msyuv.dll File not found
Drivers32:64bit: vidc.yuy2 - msyuv.dll File not found
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll File not found
Drivers32:64bit: vidc.yvyu - msyuv.dll File not found
Drivers32:64bit: wave - wdmaud.drv File not found
Drivers32:64bit: wavemapper - msacm32.drv File not found
Drivers32: msacm.iac2 - C:\WINDOWS\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\SysWow64\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\SysWow64\xfcodec.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 23:20:38 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/18 06:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/02/17 21:38:02 | 002,180,256 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher64.exe
[2010/02/17 19:13:50 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/17 19:13:50 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/17 19:13:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/17 18:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IceSword122en
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/17 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/02/17 18:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/17 18:43:10 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/02/17 18:42:52 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\o4Patch.exe
[2010/02/17 18:42:52 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\Agent.OMZ.Fix.exe
[2010/02/17 18:42:51 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\VACFix.exe
[2010/02/17 18:42:51 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.C.exe
[2010/02/17 18:42:51 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\404Fix.exe
[2010/02/17 18:42:50 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\SysWow64\IEDFix.exe
[2010/02/17 18:42:49 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\VCCLSID.exe
[2010/02/17 18:42:49 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swxcacls.exe
[2010/02/17 18:42:48 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\SysWow64\SrchSTS.exe
[2010/02/17 18:42:47 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\SysWow64\swreg.exe
[2010/02/17 18:42:47 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\SysWow64\Process.exe
[2010/02/17 18:40:34 | 034,870,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdasetup_aff.exe
[2010/02/17 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/02/17 16:27:45 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup228.exe
[2010/02/17 16:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
[2010/02/17 16:04:07 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010/02/17 12:33:35 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Administrator\Desktop\STOPzilla_Setup.exe
[2010/02/10 10:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Naruto
[2009/08/29 20:36:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/09 00:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\SysWow64\ruludoji.dll
[2099/01/01 12:00:00 | 000,052,224 | ---- | M] () -- C:\WINDOWS\SysWow64\sapedipu.dll
[2010/02/22 13:58:59 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\SysWow64\gujewubi
[2010/02/21 18:00:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\uhvcrdnt.job
[2010/02/21 18:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\qclyxfan.job
[2010/02/21 18:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\kkagtcfb.job
[2010/02/21 17:38:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/02/21 17:38:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/21 17:35:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 17:35:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 17:34:10 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/02/20 23:20:42 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/20 15:59:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/18 00:56:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/18 00:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/18 00:51:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/18 00:49:50 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/02/18 00:43:31 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/17 22:11:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/17 22:06:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/02/17 22:04:27 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/17 21:42:55 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/02/17 21:38:33 | 002,180,256 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher64.exe
[2010/02/17 18:52:54 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/17 18:51:29 | 034,870,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdasetup_aff.exe
[2010/02/17 18:47:52 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IceSword122en.zip
[2010/02/17 18:43:34 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysWow64\tmp.reg
[2010/02/17 18:43:10 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/02/17 18:31:52 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[2010/02/17 18:21:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/17 18:21:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/17 18:11:37 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2010/02/17 18:09:33 | 000,252,343 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WUS_Fix.exe
[2010/02/17 18:05:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/17 18:05:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/17 16:35:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/02/17 16:33:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/02/17 16:33:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/02/17 16:29:14 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup228.exe
[2010/02/17 16:13:51 | 001,826,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip
[2010/02/17 16:11:45 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/02/17 16:03:56 | 000,116,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\delrepwv_en.exe
[2010/02/17 15:59:51 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 15:54:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/17 15:54:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/17 13:40:34 | 000,001,111 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/17 12:33:36 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Administrator\Desktop\STOPzilla_Setup.exe
[2010/02/14 21:40:19 | 003,540,745 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lone Wolf.mp3
[2010/02/14 20:11:28 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Eastern Relgions Paper.doc
[2010/02/11 22:25:27 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Sociology Writing Assignment 1.doc
[2010/02/11 20:47:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/11 20:47:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/10 17:04:30 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 23:21:11 | 007,500,877 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Final_Fantasy_7_Aire_Tam_Break_OC_ReMix.mp3
[2010/02/08 21:23:38 | 000,003,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram23.cpp
[2010/02/08 14:44:08 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram6.cpp
[2010/01/30 22:41:08 | 004,162,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\awesome.zip
[2010/01/25 02:31:07 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\SysWow64\ruludoji.dll
[2099/01/01 12:00:00 | 000,052,224 | ---- | C] () -- C:\WINDOWS\SysWow64\sapedipu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\SysWow64\gujewubi
[2010/02/21 17:42:48 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\kkagtcfb.job
[2010/02/20 23:41:37 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\qclyxfan.job
[2010/02/18 00:49:49 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/02/18 00:41:15 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/17 22:11:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/17 22:06:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/02/17 22:05:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/02/17 22:04:22 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/17 21:42:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/02/17 19:13:50 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/17 19:13:50 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/17 19:13:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/17 19:13:50 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/17 19:13:50 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/17 18:52:54 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/17 18:46:56 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IceSword122en.zip
[2010/02/17 18:43:34 | 000,002,342 | ---- | C] () -- C:\WINDOWS\SysWow64\tmp.reg
[2010/02/17 18:42:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\SysWow64\WS2Fix.exe
[2010/02/17 18:42:48 | 000,051,200 | ---- | C] () -- C:\WINDOWS\SysWow64\dumphive.exe
[2010/02/17 18:42:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\swsc.exe
[2010/02/17 18:31:22 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[2010/02/17 18:11:37 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2010/02/17 18:09:31 | 000,252,343 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WUS_Fix.exe
[2010/02/17 16:13:17 | 001,826,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip
[2010/02/17 16:03:56 | 000,116,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\delrepwv_en.exe
[2010/02/14 21:38:36 | 003,540,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lone Wolf.mp3
[2010/02/14 20:14:45 | 009,523,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\01 - JAP.mp3
[2010/02/14 20:11:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Eastern Relgions Paper.doc
[2010/02/11 21:58:12 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alan Duff Sociology Writing Assignment 1.doc
[2010/02/08 23:15:56 | 007,500,877 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Final_Fantasy_7_Aire_Tam_Break_OC_ReMix.mp3
[2010/02/07 17:16:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram6.cpp
[2010/02/05 13:56:05 | 000,003,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlanDuffprogram23.cpp
[2010/01/26 16:56:38 | 004,162,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\awesome.zip
[2010/01/25 02:31:07 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2009/09/21 10:03:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2009/06/18 22:38:00 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/06/10 07:38:20 | 001,507,328 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2009/06/10 07:38:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2008/12/23 16:20:23 | 000,001,111 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/21 04:48:24 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2008/11/16 03:25:39 | 000,010,024 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\Hmonitor.sys
[2008/10/29 19:25:14 | 000,042,320 | ---- | C] () -- C:\WINDOWS\SysWow64\xfcodec.dll
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2008/10/05 22:01:30 | 000,000,258 | ---- | C] () -- C:\WINDOWS\MicroCase.INI
[2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2008/04/07 13:26:00 | 000,000,044 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/20 10:06:27 | 000,654,620 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/08/20 08:20:53 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/19 20:19:50 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/13 14:11:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 17:22:20 | 000,000,328 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/07/15 16:13:43 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/07/09 17:34:32 | 000,001,958 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/09 17:18:36 | 000,010,288 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2005/03/25 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll

========== Custom Scans ==========


< CODE >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/02/18 10:05:48 | 000,151,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\scrrun.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:AGP440.sys
[2007/02/16 23:03:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\WINDOWS\ServicePackFiles\amd64\agp440.sys
[2005/03/24 16:11:56 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=E089A8D56B08A7A79561EB3180ADA769 -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
[2007/02/18 10:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:atapi.sys
[2005/03/25 06:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/02/16 23:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/03/25 06:00:00 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007/02/16 23:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\WINDOWS\ServicePackFiles\amd64\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/02/18 10:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 10:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 06:00:00 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2007/02/16 23:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\WINDOWS\ServicePackFiles\amd64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/16 23:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\WINDOWS\ServicePackFiles\amd64\scecli.dll
[2005/03/25 06:00:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/02/18 10:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 10:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


#8 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 22 February 2010 - 03:33 PM

Accidental Double post sorry.

Edited by Weretree112, 22 February 2010 - 03:35 PM.


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 22 February 2010 - 06:02 PM

Hi,

you are still infected. Please run an updated scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

PLease also run a scan with kenco:
Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 22 February 2010 - 07:35 PM

The infection kept deleting mbam.exe so I had to rename it quick in order for me to scan and update. The same sapedipu.dll infection keeps popping up, and I always have to restart but it never does anything. They are always there in the scan.

Malwarebyte's scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3778
Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.13

2/22/2010 6:32:31 PM
mbam-log-2010-02-22 (18-32-31).txt

Scan type: Quick Scan
Objects scanned: 124556
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db63df7b-c202-44e2-821e-35ab825012bb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\feloviko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\sapedipu.dll (Trojan.Vundo.H) -> Delete on reboot.

Kenco scan:

Kenco by jpshortstuff (31.12.09.1)
Log created at 18:34 on 22/02/2010 (Administrator)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
ainlxtii.job -> [20:43 22/02/2010] 310 bytes
AppleSoftwareUpdate.job -> [05:04 09/04/2008] 296 bytes
qclyxfan.job -> [05:41 21/02/2010] 310 bytes
uhvcrdnt.job -> [06:55 23/12/2008] 326 bytes

-=E.O.F=-

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 23 February 2010 - 11:19 AM

Hi,

please run a new scan with OTL (only one log will open), we will remove the files manually.

Are you familiar with the following tasks, did you set them:

QUOTE
ainlxtii.job -> [20:43 22/02/2010] 310 bytes
qclyxfan.job -> [05:41 21/02/2010] 310 bytes
uhvcrdnt.job -> [06:55 23/12/2008] 326 bytes


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Weretree112

Weretree112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 23 February 2010 - 07:31 PM

I actually think I fixed it. I downloaded SuperAntiSpyware last night and did a scan. It found the same things, deleted what it could, then asked for a reboot to delete the rest. I figured they would still be there, but all the scans I've done have come up negative including Malwarebyte's. I figured they were gone when Malwarebyte's couldn't delete the infected files because they were missing and TeaTimer asking me if it was alright for SuperSpyware to remove a .dll which just so happened to be one that kept coming up in scans. If my computer starts acting strange again I'll be sure to post, but I think I finally got rid of the infection.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 26 February 2010 - 09:11 AM

Hi,

the lack of symptoms does not necessarily mean that you are clean. Please provide the OTL log so that we can see if something is left on your PC.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:41 AM

Posted 06 March 2010 - 04:12 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users