Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\windows\system32\*, Are you sure (Y/N) ? + Freezing and Connectivity Issues


  • This topic is locked This topic is locked
29 replies to this topic

#1 C47FSN

C47FSN

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 15 April 2010 - 05:33 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/309806/cwindowssystem32-are-you-sure-yn-and-another-thing-or-too/ ~ OB

Hello, this was my original post:

To the best of my knowledge these are the things that have happened recently:

I went ahead with some windows updates (i haven't been able to do 2 of them for some reason - i began to look into it but frankly it bored me to death. also i suppose it's off topic). I rebooted and everything was fine.

I clicked on a link that sent me to a site where Avast told me about a trojan. It went to the quarantine chest or whatever it's called, and was promptly removed.

While looking for info on the HP site about hooking up audio equipment to my computer, I happened to notice a link that led to driver updates. I went and took a look at them and after reading the descriptions of their benefits I decided that only one of them was of any possible use. It was called "Conexant PCI Soft Modem Driver Update". I didn't reboot after this.
I was still trying to get this home theatre business to work and decided that the reboot might set everything straight. This is where it got interesting.

When the computer rebooted it stalled on a black screen with only a small box with the name "C:\Windows\System32\cmd.exe", and inside was text in DOS with the line "C:\Windows\System32\*, Are you sure (Y/N) ?

I had no idea what that meant so I typed "n" and then pressed enter. It went away and the computer continued with the startup, but the little box came back. I left it and launched firefox to attempt to learn anything I could, but I kept getting messages about the connection not working. I still have the little sidebar on the desktop with the network meter and I just happened to notice it. The incoming network activity was going crazy; the line was spiking as high as possible and back down continuously. I was briefly able to use the internet for a few minutes and was making my way to this site to look for more in depth answers when I lost connectivity completely, although the network meter was still active.

I also tried safe mode with networking but got the same issue.

I then ran a spybot check and removed some crap but nothing changed. I was about to run SAS but couldn't update it so I didn't bother.

So my plan was to go get a laptop I have and bring it to this computer so I could use the internet and try and fix this, but the internet didn't work either. Eventually I unplugged the modem/router, plugged it back in, and problem solved.



I do not receive the dos prompt anymore, and the internet is connected now. But I had some freezing problems when trying to run gmer, as well as some typing problems with keystrokes not resulting in anything onscreen.

Here's the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 18:19:49.72 on 15/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2047.632 [GMT -4:00]

AV: avast! antivirus 4.8.1201 [VPS 081112-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1201 [VPS 081112-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSI] c:\progra~1\trisna~1\ssi\ssi /s
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {6D04C7BD-9F59-4677-A71B-A2EBCD759451} = 64.71.255.198
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\h1yrtpg1.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-8 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-4-14 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-4-14 30920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 66632]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-8 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-1-8 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-7-1 138680]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-4-14 1402568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-11 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-4-14 3321032]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-7-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-7-1 352920]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2009-4-14 29384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]

=============== Created Last 30 ================

2010-04-15 22:12:26 20 ----a-w- c:\users\chris\defogger_reenable
2010-04-15 14:09:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 14:09:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 14:09:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 19:02:49 0 d-----w- c:\users\chris\appdata\roaming\WinBatch
2010-04-13 20:20:50 59 ----a-w- c:\windows\wininit.ini
2010-04-03 01:03:49 0 d-----w- c:\program files\DCoder Image Source
2010-04-03 01:03:48 0 d-----w- c:\program files\SHOUTcast Source
2010-04-03 01:03:47 0 d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-04-03 01:03:45 0 d-----w- c:\program files\CD Audio Reader Filter
2010-04-03 01:03:44 0 d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-04-03 01:03:44 0 d-----w- c:\program files\Gabest MPEG Splitter
2010-04-03 01:03:40 0 d-----w- c:\program files\RealMedia
2010-04-03 01:03:32 0 d-----w- c:\program files\DScaler5
2010-04-03 01:03:28 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-04-03 01:03:27 0 d-----w- c:\program files\AC3Filter
2010-04-03 01:03:20 0 d-----w- c:\program files\Haali
2010-04-03 01:03:18 0 d-----w- c:\program files\Bass Audio Decoder
2010-04-03 01:03:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-04-03 01:03:14 57344 ----a-w- c:\windows\system32\ff_vfw.dll

==================== Find3M ====================

2010-04-14 19:03:20 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-14 19:03:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-12 19:43:49 120 ----a-w- c:\users\chris\appdata\roaming\wklnhst.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 03:40:02 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-08 17:33:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-11-11 22:38:03 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-07 02:22:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-07 02:22:49 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-07 02:22:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-04 05:05:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-08 23:20:15 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-27 22:09:10 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:23:03.44 ===============


The gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 11:24:52
Windows 6.0.6002 Service Pack 2
Running: hj6lotc5.exe; Driver: C:\Users\Chris\AppData\Local\Temp\awlorpod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 84EFABF8
INT 0x51 ? 84EFABF8
INT 0x51 ? 85479F00
INT 0x51 ? 84EFABF8
INT 0x52 ? 85479F00
INT 0x61 ? 85479F00
INT 0x72 ? 85479F00
INT 0x82 ? 85479F00
INT 0xA2 ? 84EFABF8
INT 0xB2 ? 84EFABF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spdc.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 883DA41B 5 Bytes JMP 854794E0
.text aqknwy0r.SYS 881C8000 22 Bytes [82, 23, 5D, 82, 6C, 22, 5D, ...]
.text aqknwy0r.SYS 881C8017 181 Bytes [00, 32, 87, 79, 80, 3D, 85, ...]
.text aqknwy0r.SYS 881C80CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aqknwy0r.SYS 881C80DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text aqknwy0r.SYS 881C80E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F6D2] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068F040] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F7FC] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068F0BE] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068F13C] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aqknwy0r.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7440A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7443CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84EFF1F8
Device \Driver\volmgr \Device\VolMgrControl 84EFC1F8
Device \Driver\usbuhci \Device\USBPDO-0 8548D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8548D1F8
Device \Driver\usbehci \Device\USBPDO-2 8548E1F8
Device \Driver\usbuhci \Device\USBPDO-3 8548D1F8
Device \Driver\usbuhci \Device\USBPDO-4 8548D1F8
Device \Driver\usbuhci \Device\USBPDO-5 8548D1F8
Device \Driver\PCI_PNP0486 \Device\00000056 spdc.sys
Device \Driver\usbuhci \Device\USBPDO-6 8548D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84EFC1F8
Device \Driver\usbehci \Device\USBPDO-7 8548E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84EFC1F8
Device \Driver\cdrom \Device\CdRom0 854F01F8
Device \Driver\volmgr \Device\HarddiskVolume3 84EFC1F8
Device \Driver\cdrom \Device\CdRom1 854F01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84EFE1F8
Device \Driver\atapi \Device\Ide\IdePort0 84EFE1F8
Device \Driver\atapi \Device\Ide\IdePort1 84EFE1F8
Device \Driver\atapi \Device\Ide\IdePort2 84EFE1F8
Device \Driver\atapi \Device\Ide\IdePort3 84EFE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84EFE1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84EFC1F8
Device \Driver\sptd \Device\248890496 spdc.sys
Device \Driver\volmgr \Device\HarddiskVolume5 84EFC1F8
Device \Driver\sbp2port \Device\Sbp2Port0 84F001F8
Device \Driver\iScsiPrt \Device\RaidPort0 854FA1F8
Device \Driver\usbuhci \Device\USBFDO-0 8548D1F8
Device \Driver\sbp2port \Device\Sbp2\Maxtor&OneTouch III&0&0010b921_00f243ce_Instance00 84F001F8
Device \Driver\usbuhci \Device\USBFDO-1 8548D1F8
Device \Driver\usbehci \Device\USBFDO-2 8548E1F8
Device \Driver\usbuhci \Device\USBFDO-3 8548D1F8
Device \Driver\usbuhci \Device\USBFDO-4 8548D1F8
Device \Driver\usbuhci \Device\USBFDO-5 8548D1F8
Device \Driver\usbuhci \Device\USBFDO-6 8548D1F8
Device \Driver\usbehci \Device\USBFDO-7 8548E1F8
Device \Driver\aqknwy0r \Device\Scsi\aqknwy0r1 854F71F8
Device \Driver\aqknwy0r \Device\Scsi\aqknwy0r1Port5Path0Target0Lun0 854F71F8
Device \FileSystem\cdfs \Cdfs 8546A1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x80 0x28 0xE7 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0x8C 0x4F 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x71 0xB1 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x80 0x28 0xE7 0x8B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0x8C 0x4F 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0x71 0xB1 0x2F ...

---- EOF - GMER 1.0.15 ----


Thanks for your help,

C.

Edited by Orange Blossom, 18 April 2010 - 08:39 AM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 19 April 2010 - 10:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 19 April 2010 - 04:11 PM

OTL logfile created on: 19/04/2010 4:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292.24 Gb Total Space | 13.71 Gb Free Space | 4.69% Space Free | Partition Type: NTFS
Drive D: | 5.84 Gb Total Space | 0.82 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.10 Gb Free Space | 2.23% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 80.00 Gb Total Space | 20.30 Gb Free Space | 25.38% Space Free | Partition Type: NTFS
Drive K: | 80.00 Gb Total Space | 0.05 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
Drive L: | 138.09 Gb Total Space | 0.32 Gb Free Space | 0.23% Space Free | Partition Type: NTFS

Computer Name: NERDMACHINE2
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/19 16:53:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2010/04/12 22:22:31 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/02 20:51:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 23:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/11/24 23:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/13 02:26:10 | 006,223,048 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2008/12/13 02:26:06 | 002,115,784 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2008/12/13 02:26:04 | 001,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2008/12/13 02:25:56 | 003,321,032 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2008/06/10 13:56:30 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 13:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/12/04 17:03:00 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
PRC - [2007/10/25 06:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/24 14:55:18 | 000,032,768 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/15 17:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/04/10 15:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 16:53:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/12/13 02:26:16 | 000,857,288 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/01/19 03:37:11 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008/01/19 03:34:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SysEnforce)
SRV - [2009/11/24 23:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/13 02:26:04 | 001,402,568 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat)
SRV - [2008/12/13 02:25:56 | 003,321,032 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/24 14:55:18 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2010/02/28 20:35:55 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/28 20:35:55 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/28 20:35:55 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/24 23:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/30 10:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/01 14:51:54 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/08 03:53:12 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/24 22:07:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/13 02:26:30 | 000,178,376 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2008/12/13 02:26:30 | 000,030,920 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2008/12/11 12:43:58 | 000,029,384 | ---- | M] (OnlineArmor NDIS Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/15 00:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/06 13:34:15 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/24 20:39:56 | 001,899,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/24 20:15:50 | 000,012,288 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/11/24 20:15:50 | 000,012,288 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "qtl"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:1.0.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.63
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.13
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:52:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 20:52:00 | 000,000,000 | ---D | M]

[2008/11/10 11:45:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/04/17 04:21:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions
[2010/02/28 20:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/08 19:15:10 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/09/23 13:53:30 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2009/07/01 03:16:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 09:55:52 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/04/17 04:21:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/10 16:14:13 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/11/09 00:44:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/14 09:12:14 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/20 18:18:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/13 16:48:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/12 11:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/11 00:53:28 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/11/19 01:34:59 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/03/24 19:47:35 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2010/04/05 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\ctrl-tab@design-noir.de
[2009/12/18 16:36:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\faviconizetab@espion.just-size.jp
[2010/04/17 04:21:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\firegestures@xuldev.org
[2010/02/28 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\foxsaver@www.foxsaver.com
[2010/04/05 00:41:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\piclens@cooliris.com
[2010/04/11 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\qtl.co.il@gmail.com
[2009/05/26 10:13:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\searchrecs@veoh.com
[2009/03/27 07:53:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\smartbookmarksbar@remy.juteau
[2010/01/24 16:52:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\taboo@runningfrombears.com
[2010/04/17 04:21:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\tabscope@xuldev.org
[2010/04/11 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\extensions\yetanothersmoothscrolling@kataho
[2009/10/29 13:50:49 | 000,002,108 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\searchplugins\qtl.xml
[2008/01/26 02:37:24 | 000,002,386 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\searchplugins\siteadvisor.xml
[2008/06/19 20:21:42 | 000,001,108 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\h1yrtpg1.default\searchplugins\wikipedia-en.xml
[2010/04/12 22:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/25 04:51:06 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll

O1 HOSTS File: ([2009/09/23 14:43:52 | 000,317,686 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10900 more lines...
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\..\Toolbar\WebBrowser: (no name) - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6261\SiteAdv.exe ()
O4 - HKLM..\Run: [SSI] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1666621606-277106425-2154946694-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/27 17:45:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 09:31:38 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 09:31:38 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 16:01:53 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 16:01:53 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 16:01:53 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d7cc5b1a-24c9-11df-9447-001d60ac0e06}\Shell - "" = AutoRun
O33 - MountPoints2\{d7cc5b1a-24c9-11df-9447-001d60ac0e06}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/11/11 18:28:09 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 16:52:59 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/04/15 10:09:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/15 10:09:45 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/15 10:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 10:05:10 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.45.exe
[2010/04/14 15:02:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinBatch
[2010/04/14 15:02:01 | 003,764,824 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Users\Chris\Desktop\sp37371.exe
[2010/04/13 08:36:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\aliens - berserker #03
[2010/04/12 22:14:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/12 22:14:11 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/12 22:14:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/12 22:14:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/12 22:14:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/12 22:14:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/12 22:14:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/12 22:14:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/12 22:14:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/12 22:14:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/12 22:14:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/12 22:14:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/12 22:14:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/12 22:14:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/12 22:14:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/12 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\New Folder
[2010/04/12 10:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\aliens - berserker #02
[2010/04/06 20:09:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Aliens - Berserker #01 Of 4
[2010/04/06 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Aliens - Stronghold
[2010/04/03 22:21:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 01
[2010/04/02 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/04/02 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/04/02 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/04/02 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/04/02 21:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/04/02 21:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/04/02 21:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/04/02 21:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/04/02 21:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/04/02 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/02 21:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/04/02 21:03:14 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010/03/26 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\New Folder
[2010/03/26 00:24:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Sn_ura
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/19 16:54:49 | 007,077,888 | ---- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010/04/19 16:53:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/04/19 16:16:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 16:16:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 15:36:53 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A91E911-F701-4ED5-8BC3-A88F56291779}.job
[2010/04/19 12:53:22 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/19 12:53:22 | 000,608,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/19 12:53:22 | 000,109,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/19 12:53:19 | 172,318,525 | ---- | M] () -- C:\Users\Chris\Desktop\PS3UPDAT.PUP
[2010/04/19 10:57:08 | 000,236,032 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 18:19:15 | 000,525,824 | ---- | M] () -- C:\Users\Chris\Desktop\dds.scr
[2010/04/15 18:16:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/15 18:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 18:15:39 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/15 18:14:04 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{6014e914-0a38-11df-903e-001d60ac0e06}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 18:14:04 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{6014e914-0a38-11df-903e-001d60ac0e06}.TM.blf
[2010/04/15 18:14:00 | 001,697,943 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/04/15 18:12:39 | 000,000,020 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2010/04/15 18:11:22 | 000,050,477 | ---- | M] () -- C:\Users\Chris\Desktop\Defogger.exe
[2010/04/15 10:18:18 | 000,293,376 | ---- | M] () -- C:\Users\Chris\Desktop\hj6lotc5.exe
[2010/04/15 10:05:11 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.45.exe
[2010/04/14 15:05:18 | 001,344,744 | ---- | M] () -- C:\Users\Chris\Desktop\c00843730.pdf
[2010/04/14 15:02:01 | 003,764,824 | ---- | M] (Hewlett-Packard Development Company, L.P. ) -- C:\Users\Chris\Desktop\sp37371.exe
[2010/04/13 16:20:50 | 000,000,059 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/12 22:02:56 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/12 21:59:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/04/12 15:43:49 | 000,000,120 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2010/04/12 15:40:48 | 000,025,600 | ---- | M] () -- C:\Users\Chris\Desktop\My Life in a Bag Exercise.doc
[2010/04/03 15:47:12 | 000,881,519 | ---- | M] () -- C:\Users\Chris\Desktop\ps_ps3_bths_manl_en.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/26 00:23:14 | 093,229,993 | R--- | M] () -- C:\Users\Chris\Desktop\Sn_ura.7z
[2010/03/24 06:33:27 | 017,304,920 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 02.cbr
[2010/03/24 06:32:28 | 041,798,918 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Stronghold.rar
[2010/03/24 06:30:39 | 017,422,240 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 03.cbr
[2010/03/24 06:28:09 | 016,755,548 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 04.cbr
[2010/03/24 06:24:54 | 017,019,365 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 01.rar
[2010/03/24 06:24:20 | 013,258,896 | ---- | M] () -- C:\Users\Chris\Desktop\Aliens - Berserker #01 Of 4.rar
[2010/03/24 06:15:34 | 010,868,684 | ---- | M] () -- C:\Users\Chris\Desktop\aliens - berserker #03.rar
[2010/03/24 06:04:16 | 009,563,807 | ---- | M] () -- C:\Users\Chris\Desktop\aliens - berserker #04.cbz
[2010/03/24 06:02:17 | 010,886,458 | ---- | M] () -- C:\Users\Chris\Desktop\aliens - berserker #02.rar
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/19 12:51:08 | 172,318,525 | ---- | C] () -- C:\Users\Chris\Desktop\PS3UPDAT.PUP
[2010/04/15 18:19:12 | 000,525,824 | ---- | C] () -- C:\Users\Chris\Desktop\dds.scr
[2010/04/15 18:12:26 | 000,000,020 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2010/04/15 18:11:21 | 000,050,477 | ---- | C] () -- C:\Users\Chris\Desktop\Defogger.exe
[2010/04/15 11:26:31 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/15 10:48:32 | 000,001,647 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
[2010/04/15 10:48:32 | 000,000,735 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/04/15 10:48:32 | 000,000,601 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
[2010/04/15 10:18:17 | 000,293,376 | ---- | C] () -- C:\Users\Chris\Desktop\hj6lotc5.exe
[2010/04/14 15:05:14 | 001,344,744 | ---- | C] () -- C:\Users\Chris\Desktop\c00843730.pdf
[2010/04/13 16:20:50 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/12 22:02:56 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/12 15:40:45 | 000,025,600 | ---- | C] () -- C:\Users\Chris\Desktop\My Life in a Bag Exercise.doc
[2010/04/11 22:34:40 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2010/04/06 20:09:04 | 013,258,896 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Berserker #01 Of 4.rar
[2010/04/06 20:09:04 | 010,886,458 | ---- | C] () -- C:\Users\Chris\Desktop\aliens - berserker #02.rar
[2010/04/06 20:09:04 | 010,868,684 | ---- | C] () -- C:\Users\Chris\Desktop\aliens - berserker #03.rar
[2010/04/06 20:09:04 | 009,563,807 | ---- | C] () -- C:\Users\Chris\Desktop\aliens - berserker #04.cbz
[2010/04/06 10:58:52 | 041,798,918 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Stronghold.rar
[2010/04/03 22:21:10 | 017,422,240 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 03.cbr
[2010/04/03 22:21:10 | 017,304,920 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 02.cbr
[2010/04/03 22:21:10 | 016,755,548 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 04.cbr
[2010/04/03 22:21:09 | 017,019,365 | ---- | C] () -- C:\Users\Chris\Desktop\Aliens - Music of the Spears 01.rar
[2010/04/03 15:47:05 | 000,881,519 | ---- | C] () -- C:\Users\Chris\Desktop\ps_ps3_bths_manl_en.pdf
[2010/04/02 21:03:28 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2010/04/02 21:03:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/26 00:23:14 | 093,229,993 | R--- | C] () -- C:\Users\Chris\Desktop\Sn_ura.7z
[2010/02/15 00:09:25 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{6014e914-0a38-11df-903e-001d60ac0e06}.TMContainer00000000000000000002.regtrans-ms
[2010/02/15 00:09:25 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{6014e914-0a38-11df-903e-001d60ac0e06}.TMContainer00000000000000000001.regtrans-ms
[2010/02/15 00:09:25 | 000,065,536 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{6014e914-0a38-11df-903e-001d60ac0e06}.TM.blf
[2009/08/19 13:15:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/09 23:46:35 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2008/02/11 23:21:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hasher.dll
[2008/02/11 22:54:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/11 22:54:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/01/11 22:36:15 | 000,000,120 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2008/01/11 16:21:23 | 000,001,356 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/01/07 11:29:13 | 000,236,032 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/06 22:48:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/31 19:41:36 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2007/12/31 16:49:11 | 007,077,888 | ---- | C] () -- C:\Users\Chris\NTUSER.DAT
[2007/12/31 16:49:11 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/12/31 16:49:11 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/12/31 16:49:11 | 000,262,144 | -H-- | C] () -- C:\Users\Chris\ntuser.dat.LOG1
[2007/12/31 16:49:11 | 000,065,536 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/12/31 16:49:11 | 000,000,020 | -HS- | C] () -- C:\Users\Chris\ntuser.ini
[2007/12/31 16:49:11 | 000,000,000 | -H-- | C] () -- C:\Users\Chris\ntuser.dat.LOG2
[2007/09/27 17:37:53 | 000,001,093 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/09/27 17:28:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/27 17:28:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2007/09/27 17:21:16 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/27 17:21:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 20:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 20:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/19 11:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 13:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/24 23:18:02 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2006/12/28 19:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\AMD\AMD_8.38_RC2_Vista_BR47273_May14\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008/04/02 15:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\ATI\SUPPORT\8-6_vista32_dd_ccc_wdm_enu_64789\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007/04/16 18:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-10_vista32_dd_ccc_wdm_enu_69564\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007/04/16 18:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-6_vista32_dd_ccc_wdm_enu_64789\Packages\Drivers\SBDrv\SB6xx\RAID\LH64A\ahcix86s.sys
[2008/05/27 16:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\ATI\SUPPORT\8-10_vista32_dd_ccc_wdm_enu_69564\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 04:05:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:05:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:05:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:57AA94C3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 19/04/2010 4:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292.24 Gb Total Space | 13.71 Gb Free Space | 4.69% Space Free | Partition Type: NTFS
Drive D: | 5.84 Gb Total Space | 0.82 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.10 Gb Free Space | 2.23% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 80.00 Gb Total Space | 20.30 Gb Free Space | 25.38% Space Free | Partition Type: NTFS
Drive K: | 80.00 Gb Total Space | 0.05 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
Drive L: | 138.09 Gb Total Space | 0.32 Gb Free Space | 0.23% Space Free | Partition Type: NTFS

Computer Name: NERDMACHINE2
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- ()
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AF6D00-E411-4677-9472-B9D787A76FCA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe |
"{0CDFE027-A667-4DEB-A4F6-EAD2B939DD7C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3042A405-4A99-42A6-A51C-7E67DC56C669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5E7CD85A-1E84-4572-B30E-334F82E13D57}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{8E8C290B-D8A5-4E25-9B30-09864EDE2F24}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe |
"{C449C751-CC0C-4F27-AF83-0AA4DF41EEA6}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05442A76-7886-495C-A99C-EBB2D2FB7E96}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{0EAD738F-0CB3-4359-8E87-FDDBCE76158A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{13037A92-980A-467B-AAF0-91D0CA51ECFD}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{16D8AE5A-B93D-42B2-8049-DD268ABC846E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{186A5CD6-5054-4241-B763-77437281EADC}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{2299F01F-C91A-457C-B72E-0365A38E1687}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{2D42B8C3-48C3-4F93-906B-A887994DDE3D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2ECD0569-E10C-41FE-8CB5-7F756812DAA5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3DB19C84-6EFA-4416-B5F7-ACF9359F7400}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{447D9DA3-690F-4F81-BD7F-C7225870C9DE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{45BEEF07-5D7F-4AC4-B370-59AA55B5CC62}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4897B56F-C709-4EBB-9BCA-DDE7EB50EA50}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{4A4BA856-3E92-47BF-9D44-5E4C91294BEC}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{4F365F42-BB7B-43B2-ACE8-DB5E942ED8D3}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{576E5B28-B7C6-4887-9828-B07A43D7D093}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{5C32179F-54B8-49A1-9920-7D9C3C0D4EC3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{61FB6536-2FF1-48AE-BB86-22CEAB9FF799}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{67BFBFAA-A9FE-49EC-9C76-0E47429E14FE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{76A5270C-3B3B-45CE-B248-7B6F3F7BF370}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7BF5E8A5-54B0-4A43-9E0A-148AA9356871}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{843A3D13-59A2-471D-B970-2A4EC328DEB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{85439C31-0FFA-4E1A-9BFC-1FD8744B47D4}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{89D13081-7054-4D4F-929C-2AA827F2D024}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{934C80B0-EDDF-4ED8-AD06-2D0927175F05}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9513F548-5D5C-4C90-980C-5A5D3B3EC678}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{A1436780-3792-4741-87C4-FDC082C38C57}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{A17D723E-C599-4E20-8C41-B80F969C23F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2A8B6F0-FC03-41E9-BA2F-11FCAEA6AAF7}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{A74E5317-1196-452F-96BF-F03DA7892753}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{B1B00FCD-2B92-4011-9267-4ECABCDA4985}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{B4AC4D5F-8B6A-4B01-9562-70DCE6B630A5}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{B6CC6EDB-EB42-4066-86E4-679972B0EA1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC96A6C0-9CBB-4BE5-9033-56696B4F6D36}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{CCAFA0F0-5D27-4175-B489-F28B2BDA3F2D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D95A01DA-6A5F-49DC-84F9-496E55CD85CF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{D97C4A78-6682-4F48-B7D6-B5E2D935BA1F}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{E8662F9B-1247-48FD-B72C-EBECD65A2286}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{EEA0F13D-D6D4-4B21-A305-A8621D383B11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F97601E7-881A-4D7C-9695-2B28D16924CB}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"TCP Query User{0D79DFF4-65B7-480E-88B2-D30E9D43D65E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{13B4201B-183A-4FD2-850A-D2875CE1B6A0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4FB3A0D8-6EFD-426C-801B-9216F980E24B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{95185AB1-A1E6-4901-A30B-C2FD4DD1E835}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B47B4287-9945-4269-A413-0060A21214BF}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{CC2DA86A-A80F-4D14-BF8A-6BC73B2E4105}C:\program files\trisnap technologies\ssi\ssi.exe" = protocol=6 | dir=in | app=c:\program files\trisnap technologies\ssi\ssi.exe |
"TCP Query User{F2F4C279-9F8A-4D74-90D3-3D3C72AD04C7}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe |
"UDP Query User{3A4148EB-B7E9-49F6-BAF7-BCD50F2C8908}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7E81ED32-75BA-4028-AFA9-5F73BF0F6C74}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe |
"UDP Query User{88DA27D0-3FFB-4A0A-BF83-32BC8E373AD1}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{9E148163-4EF3-4095-8FFD-48451574AC0E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C83FE4AC-CFCC-434B-A8F6-CC09357F677D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{ECA62F4D-D08F-4882-BC6B-C73D20A272CF}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{FCA30EAB-2E95-4E04-A000-191D8C0AEF4F}C:\program files\trisnap technologies\ssi\ssi.exe" = protocol=17 | dir=in | app=c:\program files\trisnap technologies\ssi\ssi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0BB72566-0D4C-7200-2CE7-02F298B49C88}" = CCC Help English
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{110AD51E-D0E0-49B1-52FD-291373BA62EA}" = Catalyst Control Center Graphics Full New
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3143EA86-CF89-4E22-91BB-25B28CE23AED}" = 2350_Help
"{31557F4F-7D10-D32E-4B70-237A09FCC31B}" = Catalyst Control Center Graphics Previews Common
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C175604-F026-5D79-BBD8-F626AE10B3EF}" = Catalyst Control Center Graphics Full Existing
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62C2067E-5851-BD4C-98E0-5C4D5E155A5B}" = Catalyst Control Center Core Implementation
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A292C05C-840A-9D47-5350-EF39ECC7629E}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}" = Catalyst Control Center InstallProxy
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FC405C-6C58-4ACF-AC41-E999261E76E9}" = 2350Trb
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AD17676C-5065-E427-130B-21CE713F93E7}" = Catalyst Control Center Graphics Light
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B970700B-E49F-ECEF-4ADB-0F3E1AFEDE91}" = ccc-core-static
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3757C8B-6552-4EA5-9451-B933A55170BC}" = 2350
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9CF8583-9275-466E-B27D-D61945FF172B}" = JapaneseNow!
"{F9F13FEA-D51E-A1C3-4EDC-D04A91B62C93}" = Catalyst Control Center Graphics Previews Vista
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!" = avast! Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DCoder Image Source" = DCoder Image Source (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Registry Defrag_is1" = Free Registry Defrag
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GrammarPro" = GrammarPro
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee SiteAdvisor" = McAfee SiteAdvisor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"New LEGO Digital Designer" = LEGO Digital Designer
"OnlineArmor_is1" = Online Armor 3.0
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROSet" = Intel® Network Connections Drivers
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1666621606-277106425-2154946694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27/05/2009 12:05:23 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 09/06/2009 7:18:39 AM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 11/07/2009 2:51:41 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 13/07/2009 1:46:27 AM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 10/09/2009 12:35:26 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 20/11/2009 12:16:06 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 03/12/2009 9:01:30 AM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 11/12/2009 10:01:31 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 28/02/2010 9:41:03 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 15/04/2010 6:16:15 PM | Computer Name = NerdMachine2 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

[ Application Events ]
Error - 04/02/2010 11:14:49 PM | Computer Name = NerdMachine2 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x5e202297, process id 0x748, application start time
0x01ca9e4535d4bae4.

Error - 05/02/2010 1:00:21 AM | Computer Name = NerdMachine2 | Source = System Restore | ID = 8193
Description =

Error - 05/02/2010 1:00:21 AM | Computer Name = NerdMachine2 | Source = System Restore | ID = 8210
Description =

Error - 15/02/2010 12:33:16 AM | Computer Name = NerdMachine2 | Source = Application Error | ID = 1000
Description = Faulting application speedfan.exe, version 4.35.0.225, time stamp
0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xc0000005, fault offset 0x000bf9cd, process id 0xcd0, application
start time 0x01caadf7fae31fa5.

Error - 28/02/2010 8:34:58 PM | Computer Name = NerdMachine2 | Source = Application Error | ID = 1000
Description = Faulting application speedfan.exe, version 4.35.0.225, time stamp
0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xc0000005, fault offset 0x000bf9cd, process id 0x898, application
start time 0x01cab8d6f0f37ca3.

Error - 05/03/2010 9:11:04 PM | Computer Name = NerdMachine2 | Source = Windows Search Service | ID = 3013
Description =

Error - 05/03/2010 9:12:47 PM | Computer Name = NerdMachine2 | Source = Windows Search Service | ID = 3013
Description =

Error - 06/03/2010 10:39:19 PM | Computer Name = NerdMachine2 | Source = Application Error | ID = 1000
Description = Faulting application speedfan.exe, version 4.35.0.225, time stamp
0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xc0000005, fault offset 0x000bf9cd, process id 0xdf0, application
start time 0x01cabd9f4b1bf33b.

Error - 16/03/2010 9:57:32 PM | Computer Name = NerdMachine2 | Source = Windows Search Service | ID = 3013
Description =

Error - 02/04/2010 8:37:41 PM | Computer Name = NerdMachine2 | Source = Winlogon | ID = 4004
Description = The Windows logon process has failed to terminate the currently logged
on user's processes.

[ System Events ]
Error - 15/04/2010 10:59:46 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 10:59:46 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7026
Description =

Error - 15/04/2010 10:59:46 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 10:59:46 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 10:59:46 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 10:59:49 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 11:27:02 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 11:27:02 AM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7000
Description =

Error - 15/04/2010 6:16:11 PM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7001
Description =

Error - 15/04/2010 6:16:11 PM | Computer Name = NerdMachine2 | Source = Service Control Manager | ID = 7000
Description =


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 20 April 2010 - 10:09 AM

Hi,

are you still having the same problems? Your PC is showing nothing out of the ordinary. Could the huge incoming downloads have been caused by a windows update or similar for example?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 April 2010 - 02:10 PM

No there doesn't seem to be any problems at the moment. Which huge incoming downloads were you referring to?


Thanks,

C.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 20 April 2010 - 03:18 PM

Hi,

QUOTE
The incoming network activity was going crazy; the line was spiking as high as possible and back down continuously.


from your first post. wink.gif

Just to be safe I'd like you to run an updated scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as an online scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 April 2010 - 09:02 PM

Ah, I understand. I don't think the unusual network traffic was due to any updates downloading as I've never seen anything like it before. Even when using p2p the computer was never affected the same way, but I can't say for sure. It's certainly not happening now, which is good.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4014

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

20/04/2010 6:10:03 PM
mbam-log-2010-04-20 (18-10-03).txt

Scan type: Quick scan
Objects scanned: 116635
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The ESET scan came up with nothing, so there wasn't any log or list to export.


Thanks,

C.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 21 April 2010 - 05:52 AM

Hi,

your logs are clean, I don't believe you are infected.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Let me know if you run into any problems with this.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 21 April 2010 - 10:25 AM

Well that's good news. I'm a bit confused considering what transpired, but I suppose no news is good news?
The java update came yesterday or the day before and I opted not to update it until this was over. It updated without a problem.

I have a couple of questions though:

One of the problems I had originally when I first came to this site involved keyboard strokes producing incorrect characters. It turned out I could take the 'clear recent history' route and the problem was solved. That's still true today but I was curious as to why the problem returns at all? I usually notice when the question mark gives me a capital e with an accent over it instead of the question mark that the problem is back, and I just clear the recent history and it's gone. I've seen it twice relatively recently though. Is this usual?

And two, in October of last year I believe I had trouble installing two windows updates. I can't even remember what it told me; something about not being able to install them. I searched through microsoft windows forums and tried an idea or two but it seemed to be getting complicated quickly and as far as I could tell they weren't causing problems. Ah, I guess this could be in the windows forum?


Anyways, thanks for all of you help!

C.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 24 April 2010 - 02:58 AM

Hi,

I have a bad history with WindowsUpdates. laugh.gif My Vista quit on me when I tried to install SP2, hasn't been booting ever since, so I'm not sure I'm the best to give you some advice.
However if the errors still persist I would have it checked out. I would suggest that you post the issue in the Windows Vista forums. If you wanna trouble shoot yourself, then have a look at the C:\windows\windowsupdate.log. It may contain some more info that'll help you to pinpoint the origin of your problem.

Where is your question mark? It is on different keys on different layouts and I'm wondering if that is the problem here too. You could get switched into a French keysetting or something similar.
It could also be a broken keyboard driver, maybe reinstalling it will resovle the issue.


Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC faild to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 25 April 2010 - 11:44 AM

I cannot get past the system restore portion of the list of things to do. I get the following message:

There was an unexpected error:
The parameter is incorrect. (0x80070057)
System Restore will now close.

What should I do?


Thanks,

C.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 26 April 2010 - 02:11 PM

Hi

could you please try to disable system restore in safe mode.

regards myrti

#13 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 27 April 2010 - 10:43 AM

Hi myrti,

unfortunately I cannot disable system restore in safe mode. When this problem was in the previous topic I had trouble with the computer freezing when in safe mode. This is still the problem. I can ctrl+alt+delete and carry out any functions available from there, but the desktop freezes right in the beginning.

Thanks,

C.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:58 PM

Posted 28 April 2010 - 06:49 AM

Hi,

then please run chkdsk and sfc to make sure your windows files are in order:

1. Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a blcak screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
2. Chkdsk Log
  • Click on Start, then Run.
  • Copy and paste the following bold text in to the Open: box:
      eventvwr.msc /s
  • This will bring up the Event Viewer window
  • In the left panel click on Application
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on (this will copy the log).
  • Paste the log in a Reply to this topic.



Then please run a system file check.

Click Start > All Programs > Accessories then right-click Command Prompt and then click Run as Administrator. Then type in this command

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 C47FSN

C47FSN
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 28 April 2010 - 04:27 PM

Hi, here's the log:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 28/04/2010 2:49:40 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: NerdMachine2
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.
221888 file records processed.

6066 large file records processed.

0 bad file records processed.

0 EA records processed.

75 reparse records processed.

284322 index entries processed.

0 unindexed files processed.

221888 security descriptors processed.

CHKDSK is compacting the security descriptor stream...
Cleaning up 9124 unused security descriptors.
31218 data files processed.

CHKDSK is verifying Usn Journal...
34003088 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
221872 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
3876636 free clusters processed.

Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

306439843 KB total disk space.
290496956 KB in 173833 files.
96436 KB in 31221 indexes.
0 KB in bad sectors.
339903 KB in use by the system.
65536 KB occupied by the log file.
15506548 KB available on disk.

4096 bytes in each allocation unit.
76609960 total allocation units on disk.
3876637 allocation units available on disk.

Internal Info:
c0 62 03 00 07 21 03 00 c6 8e 05 00 00 00 00 00 .b...!..........
ba 27 00 00 4b 00 00 00 00 00 00 00 00 00 00 00 .'..K...........
42 00 00 00 12 75 d3 77 70 59 21 00 70 51 21 00 B....u.wpY!.pQ!.

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-04-28T18:49:40.000Z" />
<EventRecordID>30541</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>NerdMachine2</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.
221888 file records processed.

6066 large file records processed.

0 bad file records processed.

0 EA records processed.

75 reparse records processed.

284322 index entries processed.

0 unindexed files processed.

221888 security descriptors processed.

CHKDSK is compacting the security descriptor stream...
Cleaning up 9124 unused security descriptors.
31218 data files processed.

CHKDSK is verifying Usn Journal...
34003088 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
221872 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
3876636 free clusters processed.

Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

306439843 KB total disk space.
290496956 KB in 173833 files.
96436 KB in 31221 indexes.
0 KB in bad sectors.
339903 KB in use by the system.
65536 KB occupied by the log file.
15506548 KB available on disk.

4096 bytes in each allocation unit.
76609960 total allocation units on disk.
3876637 allocation units available on disk.

Internal Info:
c0 62 03 00 07 21 03 00 c6 8e 05 00 00 00 00 00 .b...!..........
ba 27 00 00 4b 00 00 00 00 00 00 00 00 00 00 00 .'..K...........
42 00 00 00 12 75 d3 77 70 59 21 00 70 51 21 00 B....u.wpY!.pQ!.

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

Were the instructions for retrieving the log for XP by any chance? I had a bit of a tough time finding it, as the particular items referenced by the instructions weren't there.

As for the system file check possibly needing the CD, this is an HP computer and the discs I have for it I burnt myself. It's a one-time recovery disc creation; it's on 2 dvd - r discs. Will these function if it asks for a disc? I was afraid it may not so I thought I would ask first.

Thanks,

C.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users