[razer4040]

i did update acrobat and flash player last week after having my game account for wow stolen, i've tried to follow all guides on geeks2go and am at a loss as to how they managed to capture my password. currenlty i'm running spybot, teatimer, avast!, along with windows defender. i even ran the mrt tool from microsoft, which found nothing and i've done all this several times in both normal mode and safe mode. could i get a sanity check on my hijack this log? can you spot anything that might be abnormal?

thnx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:47, on 8/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\n52te\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\n52te\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [Jomantha] "C:\Program Files (x86)\n52te\razerhid.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9405 bytes

[Advertisements]

Hi there and sorry for the delay

Download OTViewIt to your desktop.

• Close all windows and double click OTViewIt
• Place a tick in the Scan all Users box
• In the File Age drop down box select 90 days
• Click Run Scan and let the program run uninterrupted
• On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

[Essexboy]

Hi there and sorry for the delay

Download OTViewIt to your desktop.

• Close all windows and double click OTViewIt
• Place a tick in the Scan all Users box
• In the File Age drop down box select 90 days
• Click Run Scan and let the program run uninterrupted
• On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

[razer4040]

here's the logs:

OTViewIt logfile created on: 8/23/2008 20:20:34 - Run 1
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Users\accountX\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.91% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.10 Gb Total Space | 167.49 Gb Free Space | 56.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: accountX-PC
Current User Name: accountX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[08/04/2008 04:47 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited) - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
[07/24/2008 10:02 AM | 00,490,952 | ---- | M] (DT Soft Ltd) - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
[09/07/2007 03:54 PM | 00,159,744 | ---- | M] () - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
[12/12/2007 11:58 AM | 00,163,840 | ---- | M] (Razer USA Ltd.) - C:\Program Files (x86)\n52te\razerhid.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[11/24/2006 03:24 PM | 00,143,360 | ---- | M] () - C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
[12/06/2007 02:20 PM | 00,110,592 | ---- | M] () - C:\Program Files (x86)\n52te\razertra.exe
[05/07/2007 03:35 PM | 00,163,840 | ---- | M] (Razer Inc.) - C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
[08/23/2008 08:19 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Users\accountX\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[08/04/2008 04:47 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe

(ALG) Application Layer Gateway Service [On_Demand | Stopped]
File not found - %SystemRoot%\System32\alg.exe

(aspnet_state) ASP.NET State Service [On_Demand | Stopped]
File not found - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(CertPropSvc) Certificate Propagation [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(DcomLaunch) DCOM Server Process Launcher [Unknown | Running]
File not found - %SystemRoot%\system32\svchost.exe

(DFSR) DFS Replication [On_Demand | Stopped]
File not found - %SystemRoot%\system32\DFSR.exe

(DPS) Diagnostic Policy Service [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

(Fax) Fax [On_Demand | Stopped]
File not found - %systemroot%\system32\fxssvc.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[02/02/2008 12:07 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(gpsvc) Group Policy Client [Unknown | Running]
File not found - %systemroot%\system32\svchost.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 02:06 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(idsvc) Windows CardSpace [Unknown | Stopped]
File not found - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

(KeyIso) CNG Key Isolation [On_Demand | Stopped]
File not found - %SystemRoot%\system32\lsass.exe

(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped]
[12/14/2006 03:21 AM | 00,045,056 | ---- | M] (Sony Corporation) - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped]
[11/02/2006 08:34 AM | ---D | M] - C:\Windows\System32\Msdtc

(Netlogon) Netlogon [On_Demand | Stopped]
File not found - %systemroot%\system32\lsass.exe

(nTuneService) nTune Service [Auto | Running]
[09/04/2007 08:31 PM | 00,180,224 | ---- | M] (NVIDIA) - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

(nvsvc) NVIDIA Display Driver Service [Auto | Running]
File not found - %SystemRoot%\system32\nvvsvc.exe

(PACSPTISVR) PACSPTISVR [On_Demand | Stopped]
[12/14/2006 02:46 AM | 00,057,344 | ---- | M] () - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

(ProtectedStorage) Protected Storage [On_Demand | Running]
File not found - %SystemRoot%\system32\lsass.exe

(RpcLocator) Remote Procedure Call (RPC) Locator [On_Demand | Stopped]
File not found - %SystemRoot%\system32\locator.exe

(RpcSs) Remote Procedure Call (RPC) [Unknown | Running]
File not found - %SystemRoot%\system32\svchost.exe

(SamSs) Security Accounts Manager [Auto | Running]
File not found - %SystemRoot%\system32\lsass.exe

(Schedule) Task Scheduler [Unknown | Running]
File not found - %systemroot%\system32\svchost.exe

(SCPolicySvc) Smart Card Removal Policy [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(slsvc) Software Licensing [Auto | Running]
File not found - %SystemRoot%\system32\SLsvc.exe

(SNMPTRAP) SNMP Trap [On_Demand | Stopped]
File not found - %SystemRoot%\System32\snmptrap.exe

(SonicStage Back-End Service) SonicStage Back-End Service [Disabled | Stopped]
[02/05/2007 11:11 AM | 00,112,184 | ---- | M] (Sony Corporation) - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe

(Spooler) Print Spooler [Auto | Running]
File not found - %SystemRoot%\System32\spoolsv.exe

(SPTISRV) Sony SPTI Service [Disabled | Stopped]
[12/14/2006 03:02 AM | 00,069,632 | ---- | M] (Sony Corporation) - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe

(SSScsiSV) SonicStage SCSI Service [Disabled | Stopped]
[02/05/2007 11:11 AM | 00,075,320 | ---- | M] (Sony Corporation) - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe

(Steam Client Service) Steam Client Service [On_Demand | Stopped]
[04/04/2008 10:51 AM | 00,087,288 | ---- | M] (Valve Corporation) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(TrustedInstaller) Windows Modules Installer [Unknown | Stopped]
File not found - %SystemRoot%\servicing\TrustedInstaller.exe

(UI0Detect) Interactive Services Detection [On_Demand | Stopped]
File not found - %SystemRoot%\system32\UI0Detect.exe

(vds) Virtual Disk [On_Demand | Stopped]
File not found - %SystemRoot%\System32\vds.exe

(VSS) Volume Shadow Copy [On_Demand | Stopped]
File not found - %systemroot%\system32\vssvc.exe

(wbengine) Block Level Backup Engine Service [On_Demand | Stopped]
File not found - %systemroot%\system32\wbengine.exe

(WdiServiceHost) Diagnostic Service Host [Unknown | Stopped]
File not found - %SystemRoot%\System32\svchost.exe

(WdiSystemHost) Diagnostic System Host [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

(wmiApSrv) WMI Performance Adapter [On_Demand | Stopped]
File not found - %systemroot%\system32\wbem\WmiApSrv.exe

===== Driver Services - Non-Microsoft Only =====

(3dfxvs) 3dfxvs [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\3dfxvsm.sys

(ACPI) Microsoft ACPI Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\acpi.sys

(adp94xx) adp94xx [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\adp94xx.sys

(adpahci) adpahci [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\adpahci.sys

(adpu160m) adpu160m [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\adpu160m.sys

(adpu320) adpu320 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\adpu320.sys

(AFD) Ancilliary Function Driver for Winsock [System | Running]
File not found - C:\Windows\system32\drivers\afd.sys

(agp440) Intel AGP Bus Filter [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\agp440.sys

(aic78xx) aic78xx [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\djsvs.sys

(aliide) aliide [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\aliide.sys

(amdide) amdide [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\amdide.sys

(AmdK8) AMD K8 Processor Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\amdk8.sys

(arc) arc [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\arc.sys

(arcsas) arcsas [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\arcsas.sys

(aswFsBlk) aswFsBlk [Auto | Running]
File not found - C:\Windows\System32\DRIVERS\aswFsBlk.sys

(aswMonFlt) aswMonFlt [Auto | Running]
File not found - C:\Windows\System32\DRIVERS\aswMonFlt.sys

(aswRdr) aswRdr [System | Running]
File not found -

(aswSP) avast! Self Protection [System | Running]
File not found -

(aswTdi) avast! Network Shield Support [System | Running]
File not found -

(AsyncMac) RAS Asynchronous Media Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\asyncmac.sys

(atapi) IDE Channel [Boot | Running]
File not found - C:\Windows\system32\drivers\atapi.sys

(blbdrive) blbdrive [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\blbdrive.sys

(bowser) bowser [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\bowser.sys

(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\brfiltlo.sys

(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\brfiltup.sys

(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\brserid.sys

(BrSerWdm) Brother WDM Serial driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\brserwdm.sys

(BrUsbMdm) Brother MFC USB Fax Only Modem [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\brusbmdm.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\brusbser.sys

(BTHMODEM) Bluetooth Serial Communications Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\bthmodem.sys

(cdfs) CD/DVD File System Reader [Disabled | Running]
File not found - C:\Windows\System32\DRIVERS\cdfs.sys

(cdrom) CD-ROM Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\cdrom.sys

(circlass) Consumer IR Devices [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\circlass.sys

(CLFS) Common Log (CLFS) [Unknown | Running]
File not found -

(cmdide) cmdide [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\cmdide.sys

(Compbatt) Microsoft Composite Battery Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\compbatt.sys

(copperhd) Razer Copperhead Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\copperhd.sys

(crcdisk) Crcdisk Filter Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\crcdisk.sys

(CSC) Offline Files Driver [System | Running]
File not found - C:\Windows\System32\drivers\csc.sys

(DAdderFltr) DeathAdder Mouse [On_Demand | Running]
File not found - C:\Windows\System32\drivers\dadder.sys

(DfsC) DFS Namespace Client Driver [System | Running]
File not found - C:\Windows\System32\Drivers\dfsc.sys

(disk) Disk Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\disk.sys

(drmkaud) Microsoft Kernel DRM Audio Descrambler [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\drmkaud.sys

(DXGKrnl) LDDM Graphics Subsystem [On_Demand | Running]
File not found - C:\Windows\System32\drivers\dxgkrnl.sys

(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\E1G6032E.sys

(Ecache) ReadyBoost Caching Driver [Boot | Running]
File not found - C:\Windows\System32\drivers\ecache.sys

(elxstor) elxstor [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\elxstor.sys

(fdc) Floppy Disk Controller Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\fdc.sys

(FileInfo) File Information FS MiniFilter [Boot | Running]
File not found - C:\Windows\system32\drivers\fileinfo.sys

(Filetrace) Filetrace [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\filetrace.sys

(flpydisk) Floppy Disk Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\flpydisk.sys

(FltMgr) FltMgr [Boot | Running]
File not found - C:\Windows\system32\drivers\fltmgr.sys

(fvevol) BitLocker Drive Encryption Filter Driver [Boot | Running]
File not found - C:\Windows\System32\DRIVERS\fvevol.sys

(gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\gagp30kx.sys

(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\HdAudio.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\HDAudBus.sys

(HidBth) Microsoft Bluetooth HID Miniport [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\hidbth.sys

(HidIr) Microsoft Infrared HID Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\hidir.sys

(HidUsb) n52te HID Class Driver [Auto | Running]
File not found - C:\Windows\System32\DRIVERS\hidusb.sys

(HpCISSs) HpCISSs [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\hpcisss.sys

(HTTP) HTTP [On_Demand | Running]
File not found - C:\Windows\System32\drivers\HTTP.sys

(i2omp) i2omp [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\i2omp.sys

(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\i8042prt.sys

(iaStorV) Intel RAID Controller Vista [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\iastorv.sys

(iirsp) iirsp [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\iirsp.sys

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [On_Demand | Running]
File not found - C:\Windows\System32\drivers\RTKVHD64.sys

(intelide) intelide [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\intelide.sys

(intelppm) Intel Processor Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\intelppm.sys

(IpFilterDriver) IP Traffic Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipfltdrv.sys

(IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipinip.sys

(IPMIDRV) IPMIDRV [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ipmidrv.sys

(IPNAT) IP Network Address Translator [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipnat.sys

(IRENUM) IR Bus Enumerator [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\irenum.sys

(isapnp) PnP ISA/EISA Bus Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\isapnp.sys

(iScsiPrt) iScsiPort Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\msiscsi.sys

(iteatapi) ITEATAPI_Service_Install [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\iteatapi.sys

(iteraid) ITERAID_Service_Install [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\iteraid.sys

(JmtFltr) n52te [On_Demand | Running]
File not found - C:\Windows\System32\drivers\JmtFltr.sys

(kbdclass) Keyboard Class Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\kbdclass.sys

(kbdhid) Keyboard HID Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\kbdhid.sys

(KSecDD) KSecDD [Boot | Running]
File not found - C:\Windows\System32\Drivers\ksecdd.sys

(ksthunk) Kernel Streaming Thunks [On_Demand | Running]
File not found - C:\Windows\system32\drivers\ksthunk.sys

(lltdio) Link-Layer Topology Discovery Mapper I/O Driver [Auto | Running]
File not found - C:\Windows\System32\DRIVERS\lltdio.sys

(LSI_FC) LSI_FC [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\lsi_fc.sys

(LSI_SAS) LSI_SAS [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\lsi_sas.sys

(LSI_SCSI) LSI_SCSI [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\lsi_scsi.sys

(luafv) UAC File Virtualization [Auto | Running]
File not found - C:\Windows\system32\drivers\luafv.sys

(megasas) megasas [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\megasas.sys

(Modem) Modem [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\modem.sys

(monitor) Microsoft Monitor Class Function Driver Service [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\monitor.sys

(mouclass) Mouse Class Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\mouclass.sys

(mouhid) Mouse HID Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\mouhid.sys

(MountMgr) Mount Point Manager [Boot | Running]
File not found - C:\Windows\System32\drivers\mountmgr.sys

(mpio) Microsoft Multi-Path Bus Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\mpio.sys

(mpsdrv) Windows Firewall Authorization Driver [On_Demand | Running]
File not found - C:\Windows\System32\drivers\mpsdrv.sys

(Mraid35x) Mraid35x [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\mraid35x.sys

(MRxDAV) WebDav Client Redirector Driver [On_Demand | Running]
File not found - C:\Windows\system32\drivers\mrxdav.sys

(mrxsmb) SMB MiniRedirector Wrapper and Engine [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\mrxsmb.sys

(mrxsmb10) SMB 1.x MiniRedirector [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\mrxsmb10.sys

(mrxsmb20) SMB 2.0 MiniRedirector [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\mrxsmb20.sys

(msahci) msahci [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\msahci.sys

(msdsm) Microsoft Multi-Path Device Specific Module [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\msdsm.sys

(Msfs) Msfs [System | Running]
File not found -

(msisadrv) ISA/EISA Class Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\msisadrv.sys

(MSKSSRV) Microsoft Streaming Service Proxy [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\MSKSSRV.sys

(MSPCLOCK) Microsoft Streaming Clock Proxy [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\MSPCLOCK.sys

(MSPQM) Microsoft Streaming Quality Manager Proxy [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\MSPQM.sys

(mssmbios) Microsoft System Management BIOS Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\mssmbios.sys

(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\MSTEE.sys

(Mup) Mup [Boot | Running]
File not found - C:\Windows\System32\Drivers\mup.sys

(NativeWifiP) NativeWiFi Filter [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwifi.sys

(NDIS) NDIS System Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\ndis.sys

(NdisTapi) Remote Access NDIS TAPI Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\ndistapi.sys

(Ndisuio) NDIS Usermode I/O Protocol [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ndisuio.sys

(NdisWan) Remote Access NDIS WAN Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\ndiswan.sys

(NDProxy) NDIS Proxy [On_Demand | Running]
File not found -

(NetBIOS) NetBIOS Interface [System | Running]
File not found - C:\Windows\System32\DRIVERS\netbios.sys

(netbt) netbt [System | Running]
File not found - C:\Windows\System32\DRIVERS\netbt.sys

(nfrd960) nfrd960 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\nfrd960.sys

(Npfs) Npfs [System | Running]
File not found -

(nsiproxy) NSI proxy service [System | Running]
File not found - C:\Windows\System32\drivers\nsiproxy.sys

(Ntfs) Ntfs [On_Demand | Running]
File not found -

(Null) Null [System | Running]
File not found -

(NVENETFD) NVIDIA nForce Networking Controller Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\nvmfdx64.sys

(nvlddmkm) nvlddmkm [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\nvlddmkm.sys

(NVR0Dev) NVR0Dev [On_Demand | Running]
[09/04/2007 08:26 PM | 00,039,968 | ---- | M] (NVidia Corp.) - C:\Windows\nvoclk64.sys

(nvraid) %nvraidbus.SvcDesc% [Boot | Running]
File not found - C:\Windows\system32\drivers\nvraid.sys

(nvrd64) NVIDIA nForce RAID Driver [Boot | Running]
File not found - C:\Windows\system32\DRIVERS\nvrd64.sys

(nvstor) nvstor [Boot | Running]
File not found - C:\Windows\system32\drivers\nvstor.sys

(nvstor64) nvstor64 [Boot | Running]
File not found - C:\Windows\system32\DRIVERS\nvstor64.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\nv_agp.sys

(NwlnkFlt) IPX Traffic Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkflt.sys

(NwlnkFwd) IPX Traffic Forwarder Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkfwd.sys

(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\ohci1394.sys

(Parport) Parallel port driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\parport.sys

(partmgr) Partition Manager [Boot | Running]
File not found - C:\Windows\System32\drivers\partmgr.sys

(pci) PCI Bus Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\pci.sys

(pciide) pciide [Boot | Running]
File not found - C:\Windows\system32\drivers\pciide.sys

(pcmcia) pcmcia [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\pcmcia.sys

(PEAUTH) PEAUTH [Auto | Running]
File not found - C:\Windows\System32\drivers\peauth.sys

(PptpMiniport) WAN Miniport (PPTP) [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\raspptp.sys

(Processor) Processor Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\processr.sys

(PSched) QoS Packet Scheduler [System | Running]
File not found - C:\Windows\System32\DRIVERS\pacer.sys

(ql2300) QLogic Fibre Channel Miniport Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ql2300.sys

(ql40xx) QLogic iSCSI Miniport Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ql40xx.sys

(QWAVEdrv) QWAVE driver [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\qwavedrv.sys

(RasAcd) Remote Access Auto Connection Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\rasacd.sys

(Rasl2tp) WAN Miniport (L2TP) [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\rasl2tp.sys

(RasPppoe) Remote Access PPPOE Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\raspppoe.sys

(RasSstp) WAN Miniport (SSTP) [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\rassstp.sys

(rdbss) Redirected Buffering Sub Sysytem [System | Running]
File not found - C:\Windows\System32\DRIVERS\rdbss.sys

(RDPCDD) RDPCDD [System | Running]
File not found - C:\Windows\System32\DRIVERS\RDPCDD.sys

(rdpdr) Terminal Server Device Redirector Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\rdpdr.sys

(RDPENCDD) RDP Encoder Mirror Driver [System | Running]
File not found - C:\Windows\System32\drivers\rdpencdd.sys

(rspndr) Link-Layer Topology Discovery Responder [Auto | Running]
File not found - C:\Windows\System32\DRIVERS\rspndr.sys

(sbp2port) SBP-2 Transport/Protocol Bus Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sbp2port.sys

(secdrv) Security Driver [Auto | Running]
File not found -

(Serenum) Serenum Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\serenum.sys

(Serial) Serial Port Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\serial.sys

(sermouse) Serial Mouse Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sermouse.sys

(sffdisk) SFF Storage Class Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sffdisk.sys

(sffp_mmc) SFF Storage Protocol Driver for MMC [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\sffp_mmc.sys

(sffp_sd) SFF Storage Protocol Driver for SDBus [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\sffp_sd.sys

(sfloppy) High-Capacity Floppy Disk Drive [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sfloppy.sys

(SiSRaid2) SiSRaid2 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sisraid2.sys

(SiSRaid4) SiSRaid4 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sisraid4.sys

(Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) [System | Running]
File not found - C:\Windows\System32\DRIVERS\smb.sys

(spldr) Security Processor Loader Driver [Boot | Running]
File not found -

(sptd) sptd [Boot | Running]
File not found - C:\Windows\System32\Drivers\sptd.sys

(srv) srv [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\srv.sys

(srv2) srv2 [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\srv2.sys

(srvnet) srvnet [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\srvnet.sys

(swenum) Software Bus Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\swenum.sys

(Symc8xx) Symc8xx [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\symc8xx.sys

(Sym_hi) Sym_hi [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sym_hi.sys

(Sym_u3) Sym_u3 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\sym_u3.sys

(Tcpip) TCP/IP Protocol Driver [Boot | Running]
File not found - C:\Windows\System32\drivers\tcpip.sys

(Tcpip6) Microsoft IPv6 Protocol Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\tcpip.sys

(tcpipreg) TCP/IP Registry Compatibility [Auto | Running]
File not found - C:\Windows\System32\drivers\tcpipreg.sys

(TDPIPE) TDPIPE [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\tdpipe.sys

(TDTCP) TDTCP [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\tdtcp.sys

(tdx) NetIO Legacy TDI Support Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\tdx.sys

(TermDD) Terminal Device Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\termdd.sys

(tssecsrv) Terminal Services Security Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\tssecsrv.sys

(tunmp) Microsoft Tun Miniport Adapter Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\tunmp.sys

(tunnel) Microsoft IPv6 Tunnel Miniport Adapter Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\tunnel.sys

(uagp35) Microsoft AGPv3.5 Filter [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\uagp35.sys

(udfs) udfs [Disabled | Stopped]
File not found - C:\Windows\System32\DRIVERS\udfs.sys

(uliagpkx) Uli AGP Bus Filter [On_Demand | Stopped]
File not found - C:\Windows\system32\drivers\uliagpkx.sys

(uliahci) uliahci [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\uliahci.sys

(UlSata) UlSata [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ulsata.sys

(ulsata2) ulsata2 [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ulsata2.sys

(umbus) UMBus Enumerator Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\umbus.sys

(usbccgp) Microsoft USB Generic Parent Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\usbccgp.sys

(usbcir) eHome Infrared Receiver (USBCIR) [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\usbcir.sys

(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\usbehci.sys

(usbhub) USB2 Enabled Hub [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\usbhub.sys

(usbohci) Microsoft USB Open Host Controller Miniport Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\usbohci.sys

(usbprint) Microsoft USB PRINTER Class [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\usbprint.sys

(USBSTOR) USB Mass Storage Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\USBSTOR.SYS

(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Disabled | Stopped]
File not found - C:\Windows\System32\DRIVERS\usbuhci.sys

(vga) vga [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\vgapnp.sys

(VgaSave) VgaSave [System | Running]
File not found - C:\Windows\System32\drivers\vga.sys

(vhidmini) Virtual Hid Device [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\vhidmini.sys

(viaide) viaide [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\viaide.sys

(vmm) Virtual Machine Monitor [System | Running]
File not found - C:\Windows\system32\Drivers\vmm.sys

(volmgr) Volume Manager Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\volmgr.sys

(volmgrx) Dynamic Volume Manager [Boot | Running]
File not found - C:\Windows\System32\drivers\volmgrx.sys

(volsnap) Storage volumes [Boot | Running]
File not found - C:\Windows\system32\drivers\volsnap.sys

(VPCNetS2) Virtual Machine Network Services Driver [On_Demand | Running]
File not found - C:\Windows\System32\DRIVERS\VMNetSrv.sys

(vsmraid) vsmraid [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\vsmraid.sys

(WacomPen) Wacom Serial Pen HID Driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\wacompen.sys

(Wanarp) Remote Access IP ARP Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\wanarp.sys

(Wanarpv6) Remote Access IPv6 ARP Driver [System | Running]
File not found - C:\Windows\System32\DRIVERS\wanarp.sys

(Wd) Microsoft Watchdog Timer Driver [Boot | Running]
File not found - C:\Windows\system32\drivers\wd.sys

(Wdf01000) Kernel Mode Driver Frameworks service [Boot | Running]
File not found - C:\Windows\system32\drivers\Wdf01000.sys

(WmiAcpi) Microsoft Windows Management Interface for ACPI [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\wmiacpi.sys

(ws2ifsl) Winsock IFS driver [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\ws2ifsl.sys

(WUDFRd) WUDFRd [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\WUDFRd.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Adobe Reader Speed Launcher" = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"DeathAdder" = "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe" [09/07/2007 03:54 PM | 00,159,744 | ---- | M] ()
"Jomantha" = "C:\Program Files (x86)\n52te\razerhid.exe" [12/12/2007 11:58 AM | 00,163,840 | ---- | M] (Razer USA Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun [07/24/2008 10:02 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"NVIDIA nTune" = "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [09/04/2007 08:31 PM | 00,098,304 | ---- | M] (NVIDIA)
"SpybotSD TeaTimer" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1661854043-3290920731-3084093886-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun [07/24/2008 10:02 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"NVIDIA nTune" = "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [09/04/2007 08:31 PM | 00,098,304 | ---- | M] (NVIDIA)
"SpybotSD TeaTimer" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1661854043-3290920731-3084093886-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [05/10/2007 11:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 11:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 11:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-1661854043-3290920731-3084093886-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 11:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoAddingComponents" = 1
"NoComponents" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop" = 1
"NoActiveDesktopChanges" = 1
"ForceActiveDesktopOn" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"ConsentPromptBehaviorUser" = 1
"EnableInstallerDetection" = 1
"EnableLUA" = 1
"EnableSecureUIAPaths" = 1
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
"EnableUIADesktopToggle" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys" = 1
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->

[HKEY_USERS\S-1-5-21-1661854043-3290920731-3084093886-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys" = 1

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ not found. -> ->

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ not found. -> ->

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [01/19/2008 02:33 AM | 02,927,104 | ---- | M] (Microsoft Corporation) C:\Windows\System32\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"userinit.exe" - [01/19/2008 02:33 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\Windows\System32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [01/19/2008 02:32 AM | 00,242,688 | ---- | M] (Microsoft Corporation) C:\Windows\System32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ not found. -> ->

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{28907143-9C99-42B4-86ED-3FCDE1799D60}]
Servers: | Description: NVIDIA nForce Networking Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DF605880-272B-4F50-97BE-A7A57C0C0340}]
Servers: | Description: NVIDIA nForce Networking Controller

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
"AutoRunAlwaysDisable" = TORiSAN CD-ROM CDR_C36;NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;
"DisplayName" = CD-ROM Driver
"Group" = SCSI CDROM Class
"ImagePath" = system32\DRIVERS\cdrom.sys
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"Tag" = 3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRom_NEC_DVD_RW_ND-2500A____________________1.06____\5&346e82bb&0&0.0.0
"Count" = 2
"NextInstance" = 2
"1" = SCSI\CdRom&Ven_DSN&Prod_H2ZCTUJ&Rev_1.03\5&2c4f72d4&0&000000

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (257752 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net



[Files/Folders - Created Within 90 days]
[07/16/2008 12:46 PM | ---D | C] - C:\d3tr
[08/07/2008 12:24 AM | ---D | C] - C:\Deckard
[08/16/2008 07:42 PM | ---D | C] - C:\TcpView
[06/13/2008 02:01 PM | ---D | C] - C:\UBCD4Win
[06/13/2008 01:19 PM | ---D | C] - C:\Virtual Machines
[08/06/2008 11:22 PM | ---D | C] - C:\VundoFix Backups
[06/23/2008 10:42 PM | 00,031,104 | ---- | M] (Cypress Semiconductor) - C:\Windows\System32\drivers\cyusb.sys
[07/30/2008 08:07 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[10/21/2005 05:01 PM | 00,019,200 | ---- | M] (Motorola) - C:\Windows\System32\drivers\USBICP.sys
[05/23/2008 06:21 PM | 00,081,920 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\404Fix.exe
[01/09/2004 04:13 AM | 00,380,928 | ---- | M] () - C:\Windows\System32\actskin4.ocx
[07/19/2008 09:43 AM | 01,163,960 | ---- | M] (ALWIL Software) - C:\Windows\System32\aswBoot.exe
[08/04/2008 01:34 PM | 00,000,000 | ---- | M] () - C:\Windows\System32\config.nt
[05/07/2007 06:19 PM | 00,085,504 | ---- | M] (Razer USA Ltd.) - C:\Windows\System32\DeathAdder64.cpl
[07/31/2004 06:50 PM | 00,051,200 | ---- | M] () - C:\Windows\System32\dumphive.exe
[03/07/2008 09:08 PM | 04,240,384 | ---- | M] (Microsoft) - C:\Windows\System32\GameUXLegacyGDFs.dll
[07/02/2008 01:33 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\IEDFix.C.exe
[05/18/2008 09:40 PM | 00,082,944 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\IEDFix.exe
[12/06/2007 03:16 PM | 00,049,152 | ---- | M] (Razer USA Ltd.) - C:\Windows\System32\Jomantha.cpl
[11/08/2007 04:04 AM | 11,967,524 | ---- | M] () - C:\Windows\System32\korwbrkr.lex
[06/11/2008 02:48 PM | 00,188,960 | ---- | M] () - C:\Windows\System32\nvapps.xml
[06/05/2003 09:13 PM | 00,053,248 | ---- | M] (http://www.beyondlogic.org) - C:\Windows\System32\Process.exe
[04/27/2006 05:49 PM | 00,288,417 | ---- | M] (S!Ri) - C:\Windows\System32\SrchSTS.exe
[05/26/2008 11:59 PM | 00,106,605 | ---- | M] () - C:\Windows\System32\StructuredQuerySchema.bin
[05/26/2008 11:59 PM | 00,018,904 | ---- | M] () - C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[08/29/2006 07:43 PM | 00,135,168 | ---- | M] (SteelWerX) - C:\Windows\System32\swreg.exe
[01/09/2006 10:36 AM | 00,040,960 | ---- | M] () - C:\Windows\System32\swsc.exe
[12/01/2006 06:20 AM | 00,079,360 | ---- | M] (SteelWerX) - C:\Windows\System32\swxcacls.exe
[08/06/2008 11:12 AM | 00,001,750 | ---- | M] () - C:\Windows\System32\tmp.reg
[05/29/2008 09:35 AM | 00,086,528 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\VACFix.exe
[09/06/2007 12:22 AM | 00,289,144 | ---- | M] (S!Ri) - C:\Windows\System32\VCCLSID.exe
[10/04/2007 12:36 AM | 00,025,600 | ---- | M] () - C:\Windows\System32\WS2Fix.exe
[08/07/2008 12:24 AM | ---D | C] - C:\Windows\ERDNT
[08/17/2008 04:35 PM | 00,000,000 | ---- | M] () - C:\Windows\nsreg.dat
[08/21/2008 09:00 AM | 00,000,324 | ---- | M] () - C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[08/18/2008 11:28 AM | 00,000,332 | ---- | M] () - C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[08/04/2008 04:47 PM | ---D | C] - C:\ProgramData\Lavasoft
[08/06/2008 11:49 PM | ---D | C] - C:\ProgramData\Malwarebytes
[08/04/2008 01:54 PM | ---D | C] - C:\ProgramData\NOS
[08/04/2008 02:05 PM | ---D | C] - C:\ProgramData\Spybot - Search & Destroy
[08/06/2008 11:49 PM | ---D | C] - C:\Users\accountX\AppData\Roaming\Malwarebytes
[08/17/2008 04:35 PM | ---D | C] - C:\Users\accountX\AppData\Roaming\Mozilla
[08/20/2008 10:10 PM | 02,622,689 | -H-- | M] () - C:\Users\accountX\AppData\Local\IconCache.db
[08/17/2008 04:35 PM | ---D | C] - C:\Users\accountX\AppData\Local\Mozilla
[06/13/2008 01:18 PM | ---D | C] - C:\Users\accountX\Documents\My Virtual Machines
[08/05/2008 02:43 PM | 00,000,897 | ---- | M] () - C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[08/17/2008 04:35 PM | 00,001,778 | ---- | M] () - C:\Users\Public\Desktop\Mozilla Firefox.lnk
[08/23/2008 08:19 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Users\accountX\Desktop\OTViewIt.exe
[08/06/2008 11:58 PM | ---D | C] - C:\Users\accountX\Desktop\Tools
[08/04/2008 01:38 PM | ---D | C] - C:\Program Files (x86)\Common Files\Adobe AIR
[08/05/2008 02:43 PM | ---D | C] - C:\Program Files (x86)\DAEMON Tools Lite
[08/05/2008 01:46 AM | ---D | C] - C:\Program Files (x86)\Enigma Software Group
[08/04/2008 04:46 PM | ---D | C] - C:\Program Files (x86)\Lavasoft
[08/06/2008 11:49 PM | ---D | C] - C:\Program Files (x86)\Malwarebytes' Anti-Malware
[06/13/2008 01:17 PM | ---D | C] - C:\Program Files (x86)\Microsoft Virtual PC
[08/17/2008 04:35 PM | ---D | C] - C:\Program Files (x86)\Mozilla Firefox
[06/24/2008 05:35 PM | ---D | C] - C:\Program Files (x86)\n52te
[08/04/2008 01:54 PM | ---D | C] - C:\Program Files (x86)\NOS
[06/23/2008 10:43 PM | ---D | C] - C:\Program Files (x86)\Razer
[08/04/2008 01:57 PM | ---D | C] - C:\Program Files (x86)\Spybot - Search & Destroy
[08/05/2008 12:27 AM | ---D | C] - C:\Program Files (x86)\Trend Micro
[08/04/2008 01:40 PM | ---D | C] - C:\Program Files (x86)\Uniblue

[Files/Folders - Modified Within 90 days]
[07/16/2008 12:46 PM | ---D | M] - C:\d3tr
[08/07/2008 12:24 AM | ---D | M] - C:\Deckard
[08/01/2008 11:26 AM | ---D | M] - C:\mp3s
[08/23/2008 08:20 PM | ---D | M] - C:\Outlook Email
[06/19/2008 10:53 AM | ---D | M] - C:\PerfLogs
[08/04/2008 01:34 PM | R--D | M] - C:\Program Files
[08/17/2008 04:35 PM | R--D | M] - C:\Program Files (x86)
[08/06/2008 11:49 PM | -H-D | M] - C:\ProgramData
[08/06/2008 03:20 PM | -HSD | M] - C:\System Volume Information
[08/16/2008 07:42 PM | ---D | M] - C:\TcpView
[08/16/2008 06:32 PM | ---D | M] -

[razer4040]

[08/16/2008 07:42 PM | ---D | M] - C:\TcpView
[08/16/2008 06:32 PM | ---D | M] - C:\Temp
[06/13/2008 02:01 PM | ---D | M] - C:\UBCD4Win
[06/13/2008 01:19 PM | ---D | M] - C:\Virtual Machines
[08/06/2008 11:22 PM | ---D | M] - C:\VundoFix Backups
[08/17/2008 04:35 PM | ---D | M] - C:\Windows
[06/23/2008 10:42 PM | 00,031,104 | ---- | M] (Cypress Semiconductor) - C:\Windows\System32\drivers\cyusb.sys
[07/30/2008 08:07 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[07/19/2008 09:43 AM | 01,163,960 | ---- | M] (ALWIL Software) - C:\Windows\System32\aswBoot.exe
[08/04/2008 01:34 PM | 00,000,000 | ---- | M] () - C:\Windows\System32\config.nt
[08/06/2008 11:49 PM | ---D | M] - C:\Windows\System32\drivers
[08/16/2008 06:23 PM | ---D | M] - C:\Windows\System32\en-US
[07/02/2008 01:33 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\IEDFix.C.exe
[08/04/2008 01:49 PM | ---D | M] - C:\Windows\System32\Macromed
[08/16/2008 06:23 PM | ---D | M] - C:\Windows\System32\migration
[06/11/2008 02:48 PM | 00,188,960 | ---- | M] () - C:\Windows\System32\nvapps.xml
[05/26/2008 11:59 PM | 00,106,605 | ---- | M] () - C:\Windows\System32\StructuredQuerySchema.bin
[05/26/2008 11:59 PM | 00,018,904 | ---- | M] () - C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[08/06/2008 11:12 AM | 00,001,750 | ---- | M] () - C:\Windows\System32\tmp.reg
[05/29/2008 09:35 AM | 00,086,528 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\VACFix.exe
[08/16/2008 06:23 PM | ---D | M] - C:\Windows\AppPatch
[08/16/2008 06:16 PM | R-SD | M] - C:\Windows\assembly
[08/23/2008 09:56 AM | 00,067,584 | --S- | M] () - C:\Windows\bootstat.dat
[08/07/2008 07:25 PM | --SD | M] - C:\Windows\Downloaded Program Files
[06/30/2008 09:22 AM | ---D | M] - C:\Windows\ehome
[08/07/2008 12:24 AM | ---D | M] - C:\Windows\ERDNT
[08/23/2008 10:04 AM | ---D | M] - C:\Windows\inf
[08/16/2008 06:19 PM | -HSD | M] - C:\Windows\Installer
[06/30/2008 09:30 AM | ---D | M] - C:\Windows\Microsoft.NET
[08/17/2008 04:35 PM | 00,000,000 | ---- | M] () - C:\Windows\nsreg.dat
[08/04/2008 11:44 AM | ---D | M] - C:\Windows\PolicyDefinitions
[08/23/2008 08:20 PM | ---D | M] - C:\Windows\Prefetch
[08/16/2008 06:41 PM | ---D | M] - C:\Windows\rescache
[08/23/2008 10:04 AM | ---D | M] - C:\Windows\System32
[08/16/2008 06:23 PM | ---D | M] - C:\Windows\SysWOW64
[08/17/2008 05:48 PM | ---D | M] - C:\Windows\Tasks
[08/23/2008 08:20 PM | ---D | M] - C:\Windows\Temp
[08/16/2008 06:35 PM | ---D | M] - C:\Windows\winsxs
[08/23/2008 09:56 AM | 00,000,006 | -H-- | M] () - C:\Windows\tasks\SA.DAT
[08/21/2008 09:00 AM | 00,000,324 | ---- | M] () - C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[08/18/2008 11:28 AM | 00,000,332 | ---- | M] () - C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[08/04/2008 01:38 PM | ---D | M] - C:\ProgramData\Adobe
[08/04/2008 04:47 PM | ---D | M] - C:\ProgramData\Lavasoft
[08/06/2008 11:49 PM | ---D | M] - C:\ProgramData\Malwarebytes
[08/16/2008 06:19 PM | ---D | M] - C:\ProgramData\Microsoft Help
[08/04/2008 01:54 PM | ---D | M] - C:\ProgramData\NOS
[07/12/2008 10:35 AM | ---D | M] - C:\ProgramData\NVIDIA
[08/04/2008 02:05 PM | ---D | M] - C:\ProgramData\Spybot - Search & Destroy
[08/06/2008 11:49 PM | ---D | M] - C:\Users\accountX\AppData\Roaming\Malwarebytes
[06/13/2008 01:18 PM | --SD | M] - C:\Users\accountX\AppData\Roaming\Microsoft
[08/17/2008 04:35 PM | ---D | M] - C:\Users\accountX\AppData\Roaming\Mozilla
[08/04/2008 11:37 PM | ---D | M] - C:\Users\accountX\AppData\Local\CurseClient
[08/06/2008 10:00 PM | 00,001,460 | ---- | M] () - C:\Users\accountX\AppData\Local\d3d9caps64.dat
[08/20/2008 10:10 PM | 02,622,689 | -H-- | M] () - C:\Users\accountX\AppData\Local\IconCache.db
[08/17/2008 04:35 PM | ---D | M] - C:\Users\accountX\AppData\Local\Mozilla
[08/23/2008 08:19 PM | ---D | M] - C:\Users\accountX\AppData\Local\Temp
[08/04/2008 06:51 PM | ---D | M] - C:\Users\accountX\AppData\Local\VirtualStore
[06/13/2008 01:18 PM | ---D | M] - C:\Users\accountX\Documents\My Virtual Machines
[08/05/2008 02:43 PM | 00,000,897 | ---- | M] () - C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[08/17/2008 04:35 PM | 00,001,778 | ---- | M] () - C:\Users\Public\Desktop\Mozilla Firefox.lnk
[08/23/2008 08:19 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Users\accountX\Desktop\OTViewIt.exe
[08/06/2008 11:58 PM | ---D | M] - C:\Users\accountX\Desktop\Tools
[08/04/2008 01:38 PM | ---D | M] - C:\Program Files (x86)\Common Files\Adobe
[08/04/2008 01:38 PM | ---D | M] - C:\Program Files (x86)\Common Files\Adobe AIR
[08/04/2008 04:46 PM | ---D | M] - C:\Program Files (x86)\Common Files\Wise Installation Wizard

< End of report >

[razer4040]

OTViewIt Extras logfile created on: 8/23/2008 20:20:34 - Run 1
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Users\accountx\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.91% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.10 Gb Total Space | 167.49 Gb Free Space | 56.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{1AFF2298-CC00-4A3B-866A-C62B8373794E}" = Security Update for 2007 Microsoft Office System (KB951596)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{4AD3A076-427C-491F-A5B7-7D1DE788A756}" = Update for Microsoft Office Outlook 2007 (KB952142)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{558B709B-821B-4FC5-90FC-9A8890641E77}" = Security Update for Microsoft Office PowerPoint 2007 (KB951338)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6BAD036C-261F-4BEF-96CF-C20678D07A41}" = Security Update for Visio 2007 (KB947590)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}" = Security Update for Microsoft Office Excel 2007 (KB951546)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{AD72BABE-C733-4FCF-9674-4314466191B9}" = Security Update for Microsoft Office Word 2007 (KB950113)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{D9806966-6AA1-4B55-9528-6748E37CEE86}" = Update for Outlook 2007 Junk Email Filter (kb955433)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"M929729" = Microsoft .NET Framework 1.1 Hotfix (KB929729)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProcessScanner_is1" = Uniblue ProcessScanner
"Steam App 440" = Team Fortress 2
"UBCD4Win_is1" = UBCD4Win 3.13
"ULTIMATER" = Microsoft Office Ultimate 2007
"Winamp" = Winamp

===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Winsock2 Catalogs =====

===== Protocol Defaults =====


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap - 4 = Restricted sites (Not a Default Protocol)
news - 4 = Restricted sites (Not a Default Protocol)
nntp - 4 = Restricted sites (Not a Default Protocol)
oecmd - 4 = Restricted sites (Not a Default Protocol)
snews - 4 = Restricted sites (Not a Default Protocol)

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt - @ivt protocol not assigned
file - file protocol not assigned
ftp - ftp protocol not assigned
http - http protocol not assigned
https - https protocol not assigned
shell - shell protocol not assigned

===== Protocol Defaults =====


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt - @ivt protocol not assigned
file - file protocol not assigned
ftp - ftp protocol not assigned
http - http protocol not assigned
https - https protocol not assigned
shell - shell protocol not assigned

===== Protocol Defaults =====


===== Protocol Handlers =====

===== Protocol Filters =====

< End of report >

[Essexboy]

OK that is the base files checked out and no pparent problems there. Lets now check for rootkits

Please Download Avast Rootkit Cleaner to your desktop

Close all running programmes

Run the ASWAR file and select Scan Now

[attachment=22843:start.png]

On completion of the scan you will then have this screen up

[attachment=22844:mid.png]

Now close the programme and on the desktop will be a text file called ASWAR please post that. Do not fix anything yet

The programme will take from 3 to 5 minutes to run.

[razer4040]

hi essexboy, avast found some hidden items:

avast! Antirootkit, version 0.9.6
Scan started: Sunday, August 24, 2008 10:04:31

Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=19461 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=8189 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheSizeInMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] CacheStatus=2 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] USBVersion=131072 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] ReadSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] WriteSpeedKBs=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] PhysicalDeviceSizeMB=4094 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] RecommendedCacheSizeMB=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] HasSlowRegions=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DoRetestDevice=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] DeviceStatus=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\Ž`Ž`] LastTestedTime=0 **HIDDEN**

Scan finished: Sunday, August 24, 2008 10:15:56
Hidden files found: 0
Hidden registry items found: 108
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------

[Essexboy]

That is ready boost, so it is OK - do you use ready boost ?

Apart from that you appear clean - Are you experiencing any problems ?

[razer4040]

hi, i'm not sure if i use ready boost honestly ... not that i'm aware of.

so far the system seems to be running fine.

I appreciate your help!

[Essexboy]

Now the best part of the day ----- Your log now appears clean

A good workman allways cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. With the exception of ASWRAR

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
• In the System Restore and Shadow Backups select Clean up
• Select Delete on the pop up
• Select OK
• Select Delete

You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Secunia Software inspector To check your programme update status
• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.