
Infected with Antivir Solution Pro - now computer won't boot at all.


  • This topic is locked
33 replies to this topic

#1 swedishparker


Posted 27 July 2010 - 08:18 AM

My laptop became infected with Antivir Solution Pro.

I immediately followed the steps to remove it.

While attempting to restart Windows in Safe Mode, I apparently pressed F8 too many times, too early, and the computer froze. The screen then went black and then something pretty odd happened: it appeared as if a green colour was burning its way into the screen from each corner. Very weird, I literally thought my LCD was having a meltdown.

I turned the computer off, waited, restarted and found my way to the Windows Advanced Startup Options Menu (Safe Mode, Start Normally, etc). No matter which option I chose, the screen would go black and then do nothing. It didn't matter how long I waited, it just stayed black. There was no background harddrive activity or anything.

I've literally gone through every option in the Advanced Menu, but the same thing happens. Screen goes black, no activity and I have to restart manually.

Here's a summary of what happens:

#1. Turn on laptop

#2. Dell/bios booting screen appears for a few seconds, fully loads.

#3. Prompted with three choices; Windows Recovery Console, Windows XP Home Edition, or F8 for advanced options.
#3.1. Selecting the Windows Recovery Console option: Black screen with the white bars at the bottom appears, the white bar loads fully then computer hangs indefinitely.
#3.2. Selecting Windows XP Home Edition option: Screen goes black immediately, hangs indefinitely
#3.3. Selecting F8 option: prompted with 12 startup options (Safe Mode, Enable Boot Logging, Start Windows Normally, etc). No matter what option I choose, I'm sent back to the previous menu (#3) and the screen still goes black and hangs as per #3.1/#3.2.


From my vague guess it looks like a hardware issue, but the fact it happened immediately after I was infected with Antivir Solution Pro makes it seem like too much of a coincidence...

But really I've got no idea, and so I'd massively appreciate any help in identifying the problem (and any possible solution).

Cheers!

Edited by Pandy, 27 July 2010 - 04:10 PM.
Moved to Malware removal at thcbytes request ~Pandy



 


#2 thcbytes


Posted 27 July 2010 - 04:03 PM

Hi there,

Few questions....

Do you have a Windows XP install disc?
Had you by chance just run Combofix and then developed the boot problem?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 swedishparker


Posted 27 July 2010 - 05:03 PM

Hey t, thanks for your reply!

Unfortunately I lost the original XP CD years ago (and don't have any copies).

No, hadn't installed or run any removal programs. I was only on step #3 of this guide when the problem occurred.

#4 thcbytes


Posted 27 July 2010 - 09:54 PM

Try this...

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

Next do this...
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
  • Type the green bolded commands one line at a time and press Enter after entering each line.

    chkdsk /r
    fixboot


  • Type "Exit" to restart the computer.
  • As soon as the computer starts hit F8 every second to bring up the Advanced Options Menu.
  • Choose the Last Known Good Configuration.
  • Success?

Finally...

Are you sure that you have no access whatsoever to a Windows XP install disc?

Thanks,
~t

#5 swedishparker


Posted 28 July 2010 - 07:20 AM


Thanks so much for your quick reply t, massively appreciate your help!

Burned the ARCDC boot disk, made it to the Recovery Console, typed chkdsk /r and pressed enter, the harddrive info appeared and then before the next command line came up (where I would have typed fixboot), it bluescreened with the message; STOP: c0000139 {Entry Point Not Found} The procedure entry point LdrSetMUICacheType could not be located in the dynamic link library ntdll.dll.

Repeated the steps several times but always got stuck in the same place, with the same message.

Tried with both XP Pro SP2/3 and XP Home SP2/3 ARCDC boot disks (as my o/s is Home but you mentioned Professional, so I thought I might as well try both). Either way, they both gave the exact same error.

Any ideas on that one?


Finally, I did "find" an unedited OEM copy of XP Home SP2 (and Pro SP2, if it's preferable), my only worry is that reinstalling will mean I lose everything on my harddrive (which isn't partitioned, and isn't entirely backed up) ...or did you have something else in mind for it?


Love to hear your thoughts :-D


#6 thcbytes


Posted 28 July 2010 - 07:33 AM

Let's try to boot your computer using a Boot CD.

No need to re-install yet! Let's create a boot disc. If we can get it up and running then you will at the least have access to all your files and folders and at best be able to get booting again.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
      • Enter the path to the drive where your XP CD is located.
      • You can click on the "..." button on the right to navigate to the path as well.
    • Custom: (include files and folders from this directory)
      • No information is necessary, leave blank.
    • Output:
      • Keep the default
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
      • Download the RunScanner plugin and save it to your desktop
      http://www.paraglidernc.com/Files/RunScanner10025.cab

      Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

      • Press the Plugin button on the PE Builder interface
      • Press the Add button and navigate to the location of the RunScanner plugin to install
      • Please note: If you are using a Windows XP disc with SP2 then highlight RpcSS needs to launch DComLaunch and then press Enable
    • When you're done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD
==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility
==========

In A43 File Management you should see your flash drive
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!

  • Copy and Paste the following code from your flash drive into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Push
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and Paste them in your next reply.
=========

With your next post please provide:

* OTLPE.txt
* Extra.txt

Kind regards,
~ t
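The `/md5start` ... `/md5stop` part of the custom scan in the post above, reproduced by hand as an added example (this is not thcbytes's code and not part of OTLPE). It assumes the lines between the two markers are file names to hash wherever they occur on the offline volume; the function names, the shortened script and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Shortened copy of the custom scan from the post (constructed excerpt).
SCAN_SCRIPT = """\
netsvcs
%SYSTEMDRIVE%\\*.exe
/md5start
userinit.exe
eventlog.dll
atapi.sys
/md5stop
%systemroot%\\system32\\drivers\\*.sys /lockedfiles
"""


def md5_targets(script):
    """File names between /md5start and /md5stop, lower-cased, in order."""
    names, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line.lower())
    return names


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks. Here MD5 only identifies a file version."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_copies(root, names):
    """Walk root and return {name: {md5: [paths]}} for every copy of a target."""
    wanted = set(names)
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()  # Windows file names compare case-insensitively
            if key not in wanted:
                continue
            path = os.path.join(dirpath, fname)
            try:
                found[key][md5_of(path)].append(path)
            except OSError:
                # A copy that cannot be read is itself worth reporting.
                found[key]["<unreadable>"].append(path)
    return found


def review(found, names):
    """Per target: 'missing', 'consistent' (one hash) or 'differs' (several).

    'differs' is a lead to compare against a known-good copy, not a verdict:
    copies left by different service packs also hash differently.
    """
    result = {}
    for name in names:
        hashes = found.get(name, {})
        if not hashes:
            result[name] = "missing"
        elif len(hashes) == 1:
            result[name] = "consistent"
        else:
            result[name] = "differs"
    return result


def demo():
    """Run the check over a constructed tree standing in for the offline C: volume."""
    layout = {
        "WINDOWS/system32/userinit.exe": b"userinit build A",
        "WINDOWS/system32/dllcache/userinit.exe": b"userinit build A",
        "WINDOWS/system32/drivers/atapi.sys": b"atapi build A + extra bytes",
        "WINDOWS/system32/dllcache/ATAPI.SYS": b"atapi build A",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        names = md5_targets(SCAN_SCRIPT)
        return review(hash_copies(root, names), names)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

Pointed at the mounted system drive instead of the constructed tree, `hash_copies` gives the per-path hashes that can then be compared with a copy from a clean machine of the same Windows version and service pack.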

#7 swedishparker


Posted 28 July 2010 - 11:31 AM

Thanks a lot for the very comprehensive details t!

However I'm stuck on the PE Builder step. When I click "Plugins" I get the message that PEBuilder can't find the correct files in D:\i386\etc...

It's nothing to do with how/where PE Builder is installed or anything else in your steps - the problem is simply the XP CD (or rather DVD, as I'm using).

I downloaded an untouched, OEM copy of XP Home SP2 as an ISO, but can't for the life of me figure out how to burn it so that PE Builder can actually read the files. When I explore the disk it simply shows the ISO file - not the files/folders that are stored within it.

I've tried burning it with ImgBurn and Nero (both as regular DVD ISO image and as a DVD Boot disc). I've spent hours trying to figure out how to burn it properly, but all I can conclude is that either: I'm burning it wrong; an ISO version of an XP install disc can't be used for our purposes...

Which gives me two questions:

Am I doing something wrong when I burn the ISO? When I explore the disc after I've burnt the image, should I be able to see the files & folders (as I said, right now I can only see the iso file itself...).

OR; is there a way to go forward *without* having an XP Install disc?

Sorry for going completely sideways t, but I just can't seem to get past this issue


#8 thcbytes


Posted 28 July 2010 - 01:17 PM

You're right. It's the disc! Download the free version of IsoBuster and install it on your clean computer. Use this to copy the ISO to a folder on your desktop then point the BartPE builder to that folder. Let me know if that works.

In order to have any real chance of restoring your computer to its original state we will need to take this route. If worse comes to worse I can easily instruct you how to create a Linux boot disc so as to recover all your valuable files and folders.

#9 swedishparker


Posted 28 July 2010 - 03:25 PM

Fantastic, thanks for that tip on IsoBuster!

It worked no problem, so I was able to go through the list in your previous post and generate the two txt files.
Pasted the contents of both below as per instructions.

Look forward to hearing your opinion :-D




***********
OTL.txt
***********

CODE
OTL logfile created on: 1/19/2011 10:03:27 PM - Run
OTLPE by OldTimer - Version 3.1.40.0     Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.74 Gb Total Space | 6.18 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 235.73 Mb Total Space | 235.19 Mb Free Space | 99.77% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 155.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (All) ==========[/color]

SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/01 11:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/28 16:51:34 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/10 06:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/09 19:16:26 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 10:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 10:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 10:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 10:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/02/03 03:51:01 | 000,133,104 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985b2a8640114) Google Update Service (gupdate1c985b2a8640114)
SRV - [2008/11/20 03:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/09 12:27:57 | 000,029,744 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/08/29 00:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 19:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 17:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 17:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 09:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 09:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/18 11:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 11:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 20:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 17:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/02/20 05:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/04/21 13:41:25 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/04/21 01:00:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/02/05 20:17:02 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 18:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2006/08/24 12:30:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/08/03 08:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/06/22 10:47:18 | 000,181,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2006/05/24 08:21:28 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/05/23 11:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/05/19 12:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/03/01 01:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2006/01/04 03:35:05 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2005/12/28 02:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2005/12/28 01:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/12/28 01:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/12/28 01:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/11/13 23:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/22 18:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2005/07/08 16:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2005/06/10 23:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2005/05/04 04:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/12/07 19:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/04 10:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 10:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 10:00:00 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/04 10:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/04 10:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2004/08/04 10:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 10:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 10:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 10:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/04 10:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 10:00:00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 10:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 10:00:00 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/04 10:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/04 10:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/04 10:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/04 10:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/04 10:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/04 10:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/04 10:00:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/04 10:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/04 10:00:00 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/04 10:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/04 10:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 10:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/04 10:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/04 10:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/04 10:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2004/08/04 10:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 10:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 10:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/04 10:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/04 10:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/04 10:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/04 10:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/04 10:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 10:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/04 10:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 10:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/04 10:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/04 10:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 10:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/04 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/04 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/04 10:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 10:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2004/08/04 10:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/04 10:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 10:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/03 14:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2003/07/28 02:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | Disabled] --  -- (ViaIde)
DRV - File not found [Kernel | Disabled] --  -- (ultra)
DRV - File not found [Kernel | Disabled] --  -- (TosIde)
DRV - File not found [Kernel | Disabled] --  -- (symc8xx)
DRV - File not found [Kernel | Disabled] --  -- (symc810)
DRV - File not found [Kernel | Disabled] --  -- (sym_u3)
DRV - File not found [Kernel | Disabled] --  -- (sym_hi)
DRV - File not found [Kernel | Disabled] --  -- (Sparrow)
DRV - File not found [Kernel | Disabled] --  -- (Simbad)
DRV - File not found [Kernel | Disabled] --  -- (ql1280)
DRV - File not found [Kernel | Disabled] --  -- (ql1240)
DRV - File not found [Kernel | Disabled] --  -- (ql12160)
DRV - File not found [Kernel | Disabled] --  -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] --  -- (ql1080)
DRV - File not found [Kernel | Disabled] --  -- (perc2hib)
DRV - File not found [Kernel | Disabled] --  -- (perc2)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | Disabled] --  -- (mraid35x)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\7A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] --  -- (IntelIde)
DRV - File not found [Kernel | Disabled] --  -- (ini910u)
DRV - File not found [Kernel | Disabled] --  -- (i2omp)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | Disabled] --  -- (hpn)
DRV - File not found [Kernel | Disabled] --  -- (dpti2o)
DRV - File not found [Kernel | Disabled] --  -- (dac960nt)
DRV - File not found [Kernel | Disabled] --  -- (dac2w2k)
DRV - File not found [Kernel | Disabled] --  -- (Cpqarray)
DRV - File not found [Kernel | Disabled] --  -- (CmdIde)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Disabled] --  -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - File not found [Kernel | Disabled] --  -- (Atdisk)
DRV - File not found [Kernel | Disabled] --  -- (asc3550)
DRV - File not found [Kernel | Disabled] --  -- (asc3350p)
DRV - File not found [Kernel | Disabled] --  -- (asc)
DRV - File not found [Kernel | Disabled] --  -- (amsint)
DRV - File not found [Kernel | Disabled] --  -- (AliIde)
DRV - File not found [Kernel | Disabled] --  -- (aic78xx)
DRV - File not found [Kernel | Disabled] --  -- (aic78u2)
DRV - File not found [Kernel | Disabled] --  -- (Aha154x)
DRV - File not found [Kernel | Disabled] --  -- (adpu160m)
DRV - File not found [Kernel | Disabled] --  -- (abp480n5)
DRV - File not found [Kernel | Disabled] --  -- (Abiosdsk)
DRV - [2011/01/10 19:09:13 | 000,768,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\eumwh.sys -- (eumwh)
DRV - [2010/05/28 15:19:33 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2010/05/15 10:11:25 | 000,005,248 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 08:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/24 12:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 12:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/31 16:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 14:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/07/16 09:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/06/22 11:35:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/14 09:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/08/04 06:22:18 | 001,964,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/20 10:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/17 03:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/19 08:45:28 | 000,503,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2007/12/18 09:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/23 10:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/04/20 06:25:40 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/03/07 23:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/02/09 11:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/08/24 10:26:02 | 000,038,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/08/21 09:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/08/16 22:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/14 09:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 08:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 08:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/24 08:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 08:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 08:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 08:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 08:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 08:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 07:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 07:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 12:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/05 09:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/03/24 07:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/21 03:39:38 | 000,058,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2006/02/15 00:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2006/01/10 02:47:27 | 000,031,846 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2005/12/28 03:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 07:40:56 | 000,936,960 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/25 15:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/10/25 23:39:41 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2005/10/05 04:57:08 | 000,012,544 | R--- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 07:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 08:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 07:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 09:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/10 04:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/12/13 21:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/09/29 22:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/12 07:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 10:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 10:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 10:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 10:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 10:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 10:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 10:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 10:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 10:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 10:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 10:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 10:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 10:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/04 10:00:00 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2004/08/04 10:00:00 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2004/08/04 10:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 10:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2004/08/04 10:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 10:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 10:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 10:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 10:00:00 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2004/08/04 10:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/04 10:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 10:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 10:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 10:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 10:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 10:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 10:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 10:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 10:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 10:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 10:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 10:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/04 10:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 10:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 10:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 10:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 10:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 10:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 10:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 10:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 10:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 10:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 10:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 10:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 10:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 10:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 10:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 10:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 10:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 10:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 10:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 10:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 10:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 10:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 10:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 10:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 10:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 10:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/04 10:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 10:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 10:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 10:00:00 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2004/08/04 10:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2004/08/04 10:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 10:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 10:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 10:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 10:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 10:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 10:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/03 23:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 23:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 22:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 21:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2004/08/03 21:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 15:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 13:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 13:10:30 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2004/08/03 13:10:22 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2004/08/03 13:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2004/08/03 13:10:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2004/08/03 13:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2004/08/03 13:10:14 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2004/08/03 13:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 13:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 13:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/03 13:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 13:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 13:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/03 13:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 12:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/03 12:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 12:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 12:58:40 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2004/08/03 12:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 12:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/04/22 06:18:48 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2001/08/17 12:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 04:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 04:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 03:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/17 03:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 03:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Christopher_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {d176c86a-1eac-2cce-1757-bc0dbc6c526c}:0.993
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "174.142.24.201"
FF - prefs.js..network.proxy.http_port: 3128


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/28 16:51:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 22:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 20:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 20:41:45 | 000,000,000 | ---D | M]

[2008/12/12 11:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Extensions
[2008/11/03 05:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2008/12/12 11:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/06 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions
[2010/01/21 12:18:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2007/10/20 19:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{1b3819c0-148c-11db-ac5d-0800200c9a66}
[2009/08/07 10:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/15 07:58:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/21 12:19:06 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/07/03 12:08:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/01/21 12:18:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 13:54:50 | 000,000,000 | ---D | M] (XE.com Universal Currency Converter ®) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{d176c86a-1eac-2cce-1757-bc0dbc6c526c}
[2009/12/02 19:59:15 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/09/14 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\admin@tyda.se
[2010/04/23 09:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\firefox@tvunetworks.com
[2009/12/02 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\foxyproxy@eric.h.jung
[2009/12/10 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\moveplayer@movenetworks.com
[2010/07/06 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\staged-xpis
[2009/12/08 14:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\whatsmyip@adrian
[2009/07/14 00:23:42 | 000,003,947 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\amazoncom.xml
[2009/07/14 00:23:42 | 000,003,813 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\cddb-any-field.xml
[2010/06/30 11:31:26 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\dictionarycom.xml
[2009/07/14 00:23:40 | 000,004,041 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\ebay-australia.xml
[2008/05/28 12:26:18 | 000,005,770 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\favlog.xml
[2008/05/27 10:47:30 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\google-australia.xml
[2010/06/30 11:31:26 | 000,002,627 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\google-maps-au.xml
[2008/06/25 00:08:39 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\imdb.xml
[2010/06/30 11:31:25 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\interglot-en-sv.xml
[2010/06/30 11:31:24 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\interglot-sv-en.xml
[2009/07/14 00:23:40 | 000,003,835 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\isohunt-bit-torrent.xml
[2010/07/05 10:24:07 | 000,005,216 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\linkedin.xml
[2010/06/30 11:31:26 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\mininova.xml
[2010/06/30 11:31:26 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\packetnews.xml
[2010/06/30 11:31:24 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\svensk-engelsk-lexin.xml
[2008/06/03 14:43:23 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\the-pirate-bay.xml
[2009/07/14 00:23:42 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\thesauruscom.xml
[2008/06/25 00:08:37 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\wikipedia-en.xml
[2009/07/14 00:23:42 | 000,003,836 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\youtube.xml
[2010/07/06 11:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/03 09:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/28 16:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/04/03 09:00:20 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/03 09:00:20 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/09 12:27:57 | 000,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 15:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/01/04 08:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/28 16:51:36 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/06/27 06:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/04/03 09:00:29 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 17:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/02/15 18:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/12/03 23:46:53 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/02/15 18:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/15 11:18:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/15 11:18:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/15 11:18:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/15 11:18:48 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/15 11:18:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/15 11:18:48 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/09/09 12:27:57 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/09 12:27:57 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src
[2010/03/15 11:18:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/15 11:18:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/10 18:52:11 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (moigh Object) - {C70BF773-408B-4FA1-881B-0AE79DB4411E} - C:\WINDOWS\system32\gxtap.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\Christopher_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Christopher_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Christopher_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Christopher_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\Christopher_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [malhfgoy] C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Christopher_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Christopher_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Christopher_ON_C..\Run: [Google Update] C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Christopher_ON_C..\Run: [M5T8QL3YW3] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Czl.exe File not found
O4 - HKU\Christopher_ON_C..\Run: [malhfgoy] C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe ()
O4 - HKU\Christopher_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\Christopher_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent (2).lnk = C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\AutoHotkey2.ahk ()
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\spotify global hotkeys.ahk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: tcyz46 = C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\l84alx.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Christopher_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 06:14:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 14:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS - C:\WINDOWS\System32\sshnas21.dll File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2E5ECEE6-B427-93E9-37C4-B1E34FA77A1B} - Adobe Shockwave Director 10.1.4
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {670999FE-4982-62B2-F287-C2477378CA08} - Internet Explorer Version Update
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0EFB3D2-475B-3B8C-1814-49C42FE9F089} - Microsoft Windows Media Player
ActiveX: {C275E97D-BB18-6649-2262-64913A28656E} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/01/10 18:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Application Data\Street-Ads
[2011/01/10 18:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu
[2011/01/10 18:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Application Data\E8B37CBBA02A724A69772748E96FDF5B
[2011/01/10 18:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Christopher\*.tmp files -> C:\Documents and Settings\Christopher\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/01/19 21:54:56 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Christopher\NTUSER.DAT
[2011/01/10 19:09:13 | 000,768,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\eumwh.sys
[2011/01/10 18:59:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2000478354-682003330-1004UA.job
[2011/01/10 18:53:00 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2011/01/10 18:52:13 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2011/01/10 18:38:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Christopher\*.tmp files -> C:\Documents and Settings\Christopher\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/01/10 18:52:31 | 000,768,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eumwh.sys
[2011/01/10 18:52:11 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/14 01:37:06 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\gxtap.dll
[2010/06/03 09:17:53 | 000,048,639 | ---- | C] () -- C:\Documents and Settings\Christopher\ifarmed.html
[2010/06/03 09:13:19 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Christopher\online_{d292447a-9715-49bd-9a65-3521bbd7ca9d}
[2010/06/03 09:13:18 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Christopher\{d292447a-9715-49bd-9a65-3521bbd7ca9d}
[2010/05/15 10:11:25 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/02/16 11:49:44 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Christopher\.javafx_ping_sent
[2010/02/16 11:49:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher\.javafx_eula_accepted
[2009/11/25 12:54:47 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Christopher\.java.policy
[2009/06/12 13:02:03 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Christopher\BykiDownloader.log
[2009/06/08 14:51:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/06/08 14:51:53 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/06/08 14:51:53 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/03/11 08:11:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/12/29 00:03:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/29 00:03:11 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/08 14:05:20 | 000,010,785 | ---- | C] () -- C:\Documents and Settings\Christopher\Application Data\mdb.bin
[2008/12/05 02:45:24 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/12 00:03:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/10/04 02:25:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/10/04 02:25:41 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/10/04 02:25:41 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/10/04 02:25:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/04 02:08:13 | 000,001,060 | ---- | C] () -- C:\WINDOWS\pae.ini
[2007/10/04 01:28:29 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2007/10/04 01:28:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/12 23:23:26 | 000,017,997 | ---- | C] () -- C:\Documents and Settings\Christopher\Application Data\Pamela_Crash_4696B7E1.zip
[2007/06/03 13:49:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/05/16 03:41:30 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/05/07 22:35:20 | 000,041,246 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\temp_text.bmp
[2007/05/07 00:54:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/24 12:34:50 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\fusioncache.dat
[2007/04/21 12:49:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/21 05:19:00 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/21 02:16:01 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/20 06:37:49 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/20 06:22:37 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/04/20 06:19:23 | 011,968,512 | -H-- | C] () -- C:\Documents and Settings\Christopher\ntuser.dat.LOG
[2007/04/20 06:19:23 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Christopher\ntuser.ini
[2007/04/20 06:19:22 | 015,204,352 | -H-- | C] () -- C:\Documents and Settings\Christopher\NTUSER.DAT
[2007/04/20 06:18:42 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/04/20 06:18:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/04/20 06:18:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/04/20 06:18:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/04/20 06:18:29 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/04/20 06:18:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/05/24 08:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 02:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 02:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 05:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== Custom Scans ==========[/color]


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 10:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2006/05/11 16:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

[color=#A23BEC]< MD5 for: NVATABUS.SYS  >[/color]
[2006/03/17 00:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2007/04/20 16:03:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/20 16:03:23 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/20 16:03:22 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2011/01/10 19:09:13 | 000,768,000 | ---- | M] () -- C:\WINDOWS\system32\drivers\eumwh.sys

[color=#A23BEC]< CREATERESTOREPOINT >[/color]
< End of report >

***********
Extras.txt
***********

CODE
OTL Extras logfile created on: 1/19/2011 10:03:29 PM - Run
OTLPE by OldTimer - Version 3.1.40.0     Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.74 Gb Total Space | 6.18 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 235.73 Mb Total Space | 235.19 Mb Free Space | 99.77% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 155.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE Texas, LP.)
"C:\Program Files\iTunes\iTunesHelper.exe" = C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper Module -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Christopher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Voddler\service\VNetManager.exe" = C:\Program Files\Voddler\service\VNetManager.exe:*:Enabled:VNetManager.exe -- File not found
"C:\Program Files\Xilisoft\3GP Video Converter\vcloader.exe" = C:\Program Files\Xilisoft\3GP Video Converter\vcloader.exe:*:Disabled:Xilisoft 3GP Video Converter -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ACE89B-B7D7-43DC-A3EF-E82F0E92BD9D}" = Google Desktop Plugins - Workspaces
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.0.5
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B21F8E8C-3C67-4BB7-94D4-48542C85D60A}" = Google Desktop Plugin - gdSkype
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FEA22ADC-105C-4F90-AF60-BBBBD48FEA5A}" = MUkoTE
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BookSmart® 2.6.1 2.6.1" = BookSmart® 2.6.1 2.6.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CSI" = CSI Management Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Flash Movie Player" = Flash Movie Player 1.5
"Flickr Uploadr" = Flickr Uploadr 2.5.0.14
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"iTunesKeys_is1" = iTunesKeys v1.57
"Jubler" = Jubler subtitle editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPE" = MyPhoneExplorer
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"RealAlt_is1" = Real Alternative 2.0.2
"Security Task Manager" = Security Task Manager 1.7h
"SopCast" = SopCast 3.2.9
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Spotify" = Spotify
"SSC Service Utility_is1" = SSC Service Utility v4.30
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"FFGenie" = FFGenie
"Google Chrome" = Google Chrome

< End of report >












#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:05 AM

Posted 28 July 2010 - 05:30 PM

Well done.

We need to run an OTL Fix
  1. Please reopen on your BartPE.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    DRV - [2011/01/10 19:09:13 | 000,768,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\eumwh.sys -- (eumwh)
    IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [malhfgoy] C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe ()
    O4 - HKU\Christopher_ON_C..\Run: [M5T8QL3YW3] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Czl.exe File not found
    O4 - HKU\Christopher_ON_C..\Run: [malhfgoy] C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: tcyz46 = C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\l84alx.exe ()
    [2011/01/10 18:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu
    [2011/01/10 18:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Application Data\E8B37CBBA02A724A69772748E96FDF5B
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Christopher\*.tmp files -> C:\Documents and Settings\Christopher\*.tmp -> ]
    [2011/01/10 19:09:13 | 000,768,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\eumwh.sys

    :Commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

We need to run an OTL Custom Scan
  1. Please reopen on your BartPE.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    /md5start
    giveio.sys
    ckldrv.sys
    /md5stop
    Restorepoints

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.

Please try to reboot normally.

Success?

==========

With your next post please provide:

* OTL fix log
* OTL.txt
* Able to boot?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 swedishparker

swedishparker
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 28 July 2010 - 06:18 PM

Thanks t, I've pasted OTL fix log and OTL.txt below.

Unfortunately still not able to boot.

I rebooted and changed boot device order to default, but still having the exact same problem.

Hopefully you can see something in the maze of logs below though :)




*******
OTL fix log
*******

<!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS deleted successfully.
File C:\WINDOWS\System32\sshnas21.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt deleted successfully.
File C:\WINDOWS\System32\appmgmts.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eumwh deleted successfully.
C:\WINDOWS\system32\drivers\eumwh.sys moved successfully.
HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\malhfgoy deleted successfully.
C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe moved successfully.
Registry value HKEY_USERS\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.
Registry value HKEY_USERS\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\malhfgoy deleted successfully.
File C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu\ftfumyytssd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\tcyz46 deleted successfully.
C:\Documents and Settings\Christopher\Local Settings\temp\l84alx.exe moved successfully.
C:\Documents and Settings\Christopher\Local Settings\Application Data\bbvqfsnbu folder moved successfully.
C:\Documents and Settings\Christopher\Application Data\E8B37CBBA02A724A69772748E96FDF5B folder moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\Documents and Settings\Christopher\*.tmp not found.
File C:\WINDOWS\System32\drivers\eumwh.sys not found.
========== COMMANDS ==========
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Christopher
->Temp folder emptied: 54605124 bytes
->Temporary Internet Files folder emptied: 81628007 bytes
->Java cache emptied: 135383605 bytes
->FireFox cache emptied: 747984686 bytes
->Google Chrome cache emptied: 249316679 bytes
->Flash cache emptied: 3800216 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2883718 bytes
->FireFox cache emptied: 1973857 bytes
->Flash cache emptied: 580 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24392161 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26806982 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40771046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 1,306.00 mb


OTLPE by OldTimer - Version 3.1.40.0 log created on 01202011_004115

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_bubble_close[8908].jpg not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_bubble_left[8909].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_bubble_right[8910].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_left_anchor_bubble_bot[8911].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_left_anchor_bubble_top[8912].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_no_anchor_bubble_bot[8913].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_no_anchor_bubble_top[8914].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_right_anchor_bubble_bot[8915].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\aim_right_anchor_bubble_top[8916].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\bidi_controls[8917].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\bubble_closebox[8920].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\eventheader_border[8924].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\horizontalimages2[8903].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\labs_bar_icon[8955].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_bubble_left[8928].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_bubble_right[8929].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_left_anchor_bubble_bot[8930].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_left_anchor_bubble_top[8931].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_no_anchor_bubble_bot[8932].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_no_anchor_bubble_top[8933].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_right_anchor_bubble_bot[8934].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\muc_right_anchor_bubble_top[8935].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-bottom-border[8940].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-bottom-left[8941].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-bottom-right[8942].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-left-side[8943].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-right-side[8944].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-top-left[8945].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\shadow-top-right[8946].png not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\tb_group_chat[13244].gif not found!
File\Folder C:\Documents and Settings\Christopher\Local Settings\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-xxxxxxxxxx.xxxxxx@xyz45.com-GoogleMail[9]#localserver\toolbar3_bidi3[8948].gif not found!

Registry entries deleted on Reboot...







*******
OTL fix log
*******

OTL logfile created on: 1/20/2011 12:54:30 AM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.74 Gb Total Space | 7.47 Gb Free Space | 6.80% Space Free | Partition Type: NTFS
Drive D: | 235.73 Mb Total Space | 234.89 Mb Free Space | 99.64% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 155.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 11:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/09 12:27:57 | 000,029,744 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/04/21 13:41:25 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/08/03 08:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/01 01:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/12/28 02:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/12/28 01:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 01:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 01:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/13 23:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\7A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - [2010/05/15 10:11:25 | 000,005,248 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 08:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 12:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/16 09:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/06/10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/04 06:22:18 | 001,964,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/08/16 22:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/24 08:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 08:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 08:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 08:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 08:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 08:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 07:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 07:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 12:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 07:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 02:47:27 | 000,031,846 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2005/12/28 03:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 07:40:56 | 000,936,960 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/25 15:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/08/12 07:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 08:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 07:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 09:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/08/12 07:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 10:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 13:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/22 06:18:48 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2001/08/17 12:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Christopher_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Christopher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =



========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {d176c86a-1eac-2cce-1757-bc0dbc6c526c}:0.993
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "174.142.24.201"
FF - prefs.js..network.proxy.http_port: 3128


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 20:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 20:41:45 | 000,000,000 | ---D | M]

[2008/12/12 11:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Extensions
[2008/11/03 05:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/07/06 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions
[2010/01/21 12:18:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2007/10/20 19:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{1b3819c0-148c-11db-ac5d-0800200c9a66}
[2009/08/07 10:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/15 07:58:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/21 12:19:06 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/07/03 12:08:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/01/21 12:18:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 13:54:50 | 000,000,000 | ---D | M] (XE.com Universal Currency Converter ®) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{d176c86a-1eac-2cce-1757-bc0dbc6c526c}
[2009/12/02 19:59:15 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/09/14 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\admin@tyda.se
[2010/04/23 09:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\firefox@tvunetworks.com
[2009/12/02 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\foxyproxy@eric.h.jung
[2009/12/10 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\moveplayer@movenetworks.com
[2010/07/06 11:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\staged-xpis
[2009/12/08 14:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\extensions\whatsmyip@adrian
[2009/07/14 00:23:42 | 000,003,947 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\amazoncom.xml
[2009/07/14 00:23:42 | 000,003,813 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\cddb-any-field.xml
[2010/06/30 11:31:26 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\dictionarycom.xml
[2009/07/14 00:23:40 | 000,004,041 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\ebay-australia.xml
[2008/05/28 12:26:18 | 000,005,770 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\favlog.xml
[2008/05/27 10:47:30 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\google-australia.xml
[2010/06/30 11:31:26 | 000,002,627 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\google-maps-au.xml
[2008/06/25 00:08:39 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\imdb.xml
[2010/06/30 11:31:25 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\interglot-en-sv.xml
[2010/06/30 11:31:24 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\interglot-sv-en.xml
[2009/07/14 00:23:40 | 000,003,835 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\isohunt-bit-torrent.xml
[2010/07/05 10:24:07 | 000,005,216 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\linkedin.xml
[2010/06/30 11:31:26 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\mininova.xml
[2010/06/30 11:31:26 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\packetnews.xml
[2010/06/30 11:31:24 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\svensk-engelsk-lexin.xml
[2008/06/03 14:43:23 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\the-pirate-bay.xml
[2009/07/14 00:23:42 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\thesauruscom.xml
[2008/06/25 00:08:37 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\wikipedia-en.xml
[2009/07/14 00:23:42 | 000,003,836 | ---- | M] () -- C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tdel091n.default\searchplugins\youtube.xml
[2010/07/06 11:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 08:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/03/15 11:18:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/15 11:18:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/15 11:18:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/09/09 12:27:57 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/09 12:27:57 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src
[2010/03/15 11:18:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/20 00:41:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (moigh Object) - {C70BF773-408B-4FA1-881B-0AE79DB4411E} - C:\WINDOWS\system32\gxtap.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\Christopher_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\Christopher_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Christopher_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\Christopher_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent (2).lnk = C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\AutoHotkey2.ahk ()
O4 - Startup: C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\spotify global hotkeys.ahk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Christopher_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Christopher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 06:14:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 14:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/20 00:43:31 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/01/20 00:41:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/10 18:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher\Application Data\Street-Ads
[2011/01/10 18:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

========== Files - Modified Within 30 Days ==========

[2011/01/20 00:53:52 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Christopher\NTUSER.DAT
[2011/01/10 18:59:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2000478354-682003330-1004UA.job
[2011/01/10 18:53:00 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2011/01/10 18:52:13 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2011/01/10 18:38:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

========== Files Created - No Company Name ==========

[2011/01/10 18:52:11 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/14 01:37:06 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\gxtap.dll
[2010/06/03 09:17:53 | 000,048,639 | ---- | C] () -- C:\Documents and Settings\Christopher\ifarmed.html
[2010/06/03 09:13:19 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Christopher\online_{d292447a-9715-49bd-9a65-3521bbd7ca9d}
[2010/06/03 09:13:18 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Christopher\{d292447a-9715-49bd-9a65-3521bbd7ca9d}
[2010/05/15 10:11:25 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/02/16 11:49:44 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Christopher\.javafx_ping_sent
[2010/02/16 11:49:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher\.javafx_eula_accepted
[2009/11/25 12:54:47 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Christopher\.java.policy
[2009/06/12 13:02:03 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Christopher\BykiDownloader.log
[2009/06/08 14:51:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/06/08 14:51:53 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/06/08 14:51:53 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/03/11 08:11:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/12/29 00:03:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/29 00:03:11 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/08 14:05:20 | 000,010,785 | ---- | C] () -- C:\Documents and Settings\Christopher\Application Data\mdb.bin
[2008/12/05 02:45:24 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/12 00:03:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/10/04 02:25:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/10/04 02:25:41 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/10/04 02:25:41 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/10/04 02:25:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/04 02:08:13 | 000,001,060 | ---- | C] () -- C:\WINDOWS\pae.ini
[2007/10/04 01:28:29 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2007/10/04 01:28:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/12 23:23:26 | 000,017,997 | ---- | C] () -- C:\Documents and Settings\Christopher\Application Data\Pamela_Crash_4696B7E1.zip
[2007/06/03 13:49:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/05/16 03:41:30 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/05/07 22:35:20 | 000,041,246 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\temp_text.bmp
[2007/05/07 00:54:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/24 12:34:50 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\fusioncache.dat
[2007/04/21 12:49:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/21 05:19:00 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/21 02:16:01 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Christopher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/20 06:37:49 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/20 06:22:37 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/04/20 06:19:23 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Christopher\ntuser.dat.LOG
[2007/04/20 06:19:23 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Christopher\ntuser.ini
[2007/04/20 06:19:22 | 015,204,352 | -H-- | C] () -- C:\Documents and Settings\Christopher\NTUSER.DAT
[2007/04/20 06:18:42 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/04/20 06:18:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/04/20 06:18:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/04/20 06:18:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/04/20 06:18:29 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/04/20 06:18:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/05/24 08:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 02:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 02:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 05:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/15 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\ABCMedia
[2009/11/25 12:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Agency9
[2009/12/08 14:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/01/10 19:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\BitTorrent
[2009/09/04 16:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\BSplayer Pro
[2011/01/10 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\DNA
[2007/10/16 18:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Ectaco
[2009/01/09 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\ESET
[2009/10/02 12:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\FireShot
[2007/05/04 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Flickr
[2007/05/07 22:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\GeoVid
[2007/06/24 21:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\GlobalSCAPE
[2007/12/19 00:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Good Keywords v2
[2010/06/11 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\HandBrake
[2008/12/20 12:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Hasbro
[2010/03/18 15:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\ImgBurn
[2009/01/03 07:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\ImTOO Software Studio
[2008/10/13 19:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Jubler
[2007/07/19 16:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\MP3toiPodAudioBookConverter
[2010/03/30 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Music Recognition
[2010/01/10 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\MyPhoneExplorer
[2007/10/16 02:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Netscape
[2007/07/11 22:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\onOne Software
[2007/04/25 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Opera
[2008/05/02 12:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Orbit
[2009/07/20 11:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\PPLiveVA
[2010/02/08 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\RayV
[2011/01/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Spotify
[2011/01/10 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Street-Ads
[2010/06/18 13:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Teleca
[2007/06/25 12:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Thunderbird
[2009/08/14 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\Xilisoft Corporation
[2010/01/10 00:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher\Application Data\YouSendIt
[2010/07/06 07:50:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/07/19 17:09:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/01/10 18:53:00 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CKLDRV.SYS >
[2006/01/10 02:47:27 | 000,031,846 | ---- | M] () MD5=0F24BD3111DEF63B4BC10D93B5E3FAFF -- C:\WINDOWS\system32\Ckldrv.sys

< MD5 for: GIVEIO.SYS >
[2010/05/15 10:11:25 | 000,005,248 | ---- | M] () MD5=77EBF3E9386DAA51551AF429052D88D0 -- C:\WINDOWS\system32\giveio.sys


========== Restore Points Found ==========
[2011/01/10 18:23:23 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP79\snapshot
[2010/07/06 07:12:17 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP78\snapshot
[2010/07/04 22:36:48 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP77\snapshot
[2010/07/03 15:42:54 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP76\snapshot
[2010/07/01 17:36:44 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP75\snapshot
[2010/06/30 16:53:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP74\snapshot
[2010/06/29 16:15:10 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP73\snapshot
[2010/06/28 14:13:48 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP72\snapshot
[2010/06/24 01:00:33 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP71\snapshot
[2010/06/23 06:14:51 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP70\snapshot
[2010/06/21 19:05:38 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP69\snapshot
[2010/06/20 18:40:14 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP68\snapshot
[2010/06/19 14:16:10 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP67\snapshot
[2010/06/18 13:19:01 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP66\snapshot
[2010/06/18 13:15:50 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP65\snapshot
[2010/06/18 13:14:59 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP64\snapshot
[2010/06/17 19:29:06 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP63\snapshot
[2010/06/16 18:46:06 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP62\snapshot
[2010/06/15 17:09:34 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP61\snapshot
[2010/06/14 11:59:24 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP60\snapshot
[2010/06/13 11:58:47 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP59\snapshot
[2010/06/11 21:13:38 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP58\snapshot
[2010/06/10 20:39:45 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP57\snapshot
[2010/06/10 19:02:45 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP56\snapshot
[2010/06/09 16:34:41 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP55\snapshot
[2010/06/08 14:57:33 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP54\snapshot
[2010/06/07 08:55:39 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP52\snapshot
[2010/06/07 08:45:40 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP51\snapshot
[2010/06/07 08:43:55 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP50\snapshot
[2010/06/07 08:30:28 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP49\snapshot
< End of report >

#12 thcbytes

  • Malware Response Team

Posted 28 July 2010 - 08:33 PM

How do you feel about attempting to restore your computer to an earlier date? How does 6/30/10 sound? No promises.....
  1. Please reopen on your BartPE.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :restorepoint
    [2010/06/30 16:53:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{5AD16D98-4CE6-41FB-BDA9-F0C7AEE35ED0}\RP74\snapshot
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

On your clean computer....

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

CODE
copy C:\_REGISTRY_MACHINE_SOFTWARE c:\windows\system32\config\SOFTWARE
copy C:\_REGISTRY_MACHINE_SYSTEM c:\windows\system32\config\SYSTEM
copy C:\_REGISTRY_MACHINE_SECURITY c:\windows\system32\config\SECURITY
copy C:\_REGISTRY_MACHINE_SAM c:\windows\system32\config\SAM


Name the file restore.bat, making sure "Save as type" is set to "All Files".
Save this to your flash drive.

==========

Plug your flash drive into your sick computer now

==========

Reboot BartPE....

Navigate to the restore.bat on your flash drive

Double click on restore.bat & allow it to run.

Boot into normal Windows now.

Success?



Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
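
A variant of the restore.bat from the post above that checks the four extracted hive files exist, keeps a copy of the current hives, and verifies each replacement byte for byte. This is an added example, not part of thcbytes' instructions; the backup folder C:\_hive_backup is an assumed name, and it assumes fc.exe is available in the BartPE session.

```batch
@echo off
rem Added example: restore.bat with pre-copy backup and post-copy verification.
rem Hive paths are the ones shown in the thread. C:\_hive_backup is an
rem assumed folder name, and fc.exe is assumed to be on the PATH.
setlocal
set SRC=C:
set CFG=C:\WINDOWS\system32\config
set BAK=C:\_hive_backup

rem 1. Refuse to run unless all four extracted hives are present.
for %%H in (SOFTWARE SYSTEM SECURITY SAM) do (
    if not exist "%SRC%\_REGISTRY_MACHINE_%%H" (
        echo Missing %SRC%\_REGISTRY_MACHINE_%%H - no hive was replaced.
        goto :fail
    )
)

rem 2. Keep a copy of the current hives so the change can be undone.
if not exist "%BAK%" mkdir "%BAK%"
for %%H in (SOFTWARE SYSTEM SECURITY SAM) do (
    copy /Y "%CFG%\%%H" "%BAK%\%%H" >nul
    if errorlevel 1 (
        echo Could not back up %CFG%\%%H - no hive was replaced.
        goto :fail
    )
)

rem 3. Replace each hive, then compare it byte for byte with its source.
for %%H in (SOFTWARE SYSTEM SECURITY SAM) do (
    copy /Y "%SRC%\_REGISTRY_MACHINE_%%H" "%CFG%\%%H" >nul
    if errorlevel 1 goto :copyfail
    fc /b "%SRC%\_REGISTRY_MACHINE_%%H" "%CFG%\%%H" >nul
    if errorlevel 1 goto :copyfail
)
echo All four hives replaced and verified. Originals are in %BAK%.
endlocal
exit /b 0

:copyfail
echo A hive failed to copy or verify. Restore the originals from %BAK%.
:fail
endlocal
exit /b 1
```

A clean run only confirms that the hives on disk match the files extracted from the restore point; it does not show that the snapshot itself is healthy.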

#13 swedishparker


Posted 29 July 2010 - 11:22 AM

Still no joy :/

However I was able to get in and back up all my important data thanks to having BartPE - so if you think formatting and reinstalling Windows is easier, it wouldn't be such a loss.

Though if you've got any other ideas I'd still love to hear them :-D


Most recent scan log:

CODE
========== RESTORE POINT ==========
Unable to replace file: C:\WINDOWS\System32\config\SAM with C:\_REGISTRY_MACHINE_SAM without a reboot.
Unable to replace file: C:\WINDOWS\System32\config\SECURITY with C:\_REGISTRY_MACHINE_SECURITY without a reboot.
Unable to replace file: C:\WINDOWS\System32\config\SOFTWARE with C:\_REGISTRY_MACHINE_SOFTWARE without a reboot.
Unable to replace file: C:\WINDOWS\System32\config\SYSTEM with C:\_REGISTRY_MACHINE_SYSTEM without a reboot.

OTLPE by OldTimer - Version 3.1.40.0 log created on 01202011_180156

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Thanks!




#14 thcbytes


Posted 29 July 2010 - 12:36 PM

Almost there...

Do this again...

Reboot BartPE....

Navigate to the restore.bat on your flash drive

Double click on restore.bat & allow it to run.

Boot into normal Windows now.

Success?

#15 swedishparker


Posted 29 July 2010 - 12:52 PM

No love... still the same problem.

If it's worth anything... the first screen (with the Dell logo and the BIOS loading bar) takes a long time to load, 30 secs-1 minute, as opposed to almost instantly when the computer is healthy.



