Win32/Rootkit.Agent.ODG in memory



#1
peejayw

Vista Home Premium/ Acer Aspire 5735

Eset Nod finds the above in memory on startup and is unable to remove. Full scan with Nod stops at 90% reading C:\Users\Default\AppData\Local\Microsoft\Windows (an empty folder).

I have done the following:

Run ATF Cleaner
Create Restore Point
Run Erunt
Run AntiMalware, nothing found.
Run Rooter, results below:

===================================================================================
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:114242 Mo/Free:1632 Mo)
D:\ [Fixed] - NTFS - (Total:114229 Mo/Free:1734 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 22/04/2009|15:12

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- ??
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
---------- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Windows\system32\agrsmsvc.exe
---------- C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
---------- C:\Windows\PLFSetI.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVGLS\avgnsx.exe
---------- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
---------- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Acer\Mobility Center\MobilityService.exe
---------- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
---------- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Users\Pat\AppData\Local\Temp\RtkBtMnt.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Launch Manager\LManager.exe
---------- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
---------- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
---------- ??
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
---------- C:\Program Files\AVG\AVGLS\avgtray.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
---------- D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
---------- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Windows\ehome\ehtray.exe
---------- D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.exe
---------- C:\Windows\system32\igfxext.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.bin
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
---------- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
---------- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
---------- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
---------- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
---------- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
---------- C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
---------- C:\Windows\System32\mobsync.exe
---------- C:\Windows\System32\svchost.exe

===============================================================================================

Run OTListIt2, results below:

===============================================================================================
OTListIt logfile created on: 22/04/2009 3:30:11 p.m. - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Pat\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.93 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 46.95% Memory free
4.00 Gb Paging File | 2.74 Gb Available in Paging File | 68.41% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 93.58 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 109.79 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAT-PC
Current User Name: Pat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVGLS\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Users\Pat\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe ()
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\Pat\Documents\Downloads\OTListIt2 (1).exe (OldTimer Tools)
PRC - \?\C:\Windows\system32\wbem\WMIADAP.EXE File not found
PRC - C:\Users\Pat\Documents\Downloads\OTListIt2 (1).exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BUNAgentSvc [Auto | Stopped]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (eDataSecurity Service [Auto | Running]) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (ETService [Auto | Running]) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\Windows\System32\irmon.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NTIBackupSvc [Auto | Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc [Auto | Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (SBSDWSCService [Auto | Running]) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Stopped]) -- C:\Windows\system32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdGuard [System | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\system32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (inspect [System | Running]) -- C:\Windows\system32\DRIVERS\inspect.sys (COMODO)
DRV - (int15 [Auto | Running]) -- C:\Windows\system32\drivers\int15.sys (Acer, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (NSCIRDA [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NTIPPKernel [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ [Auto | Running]) -- C:\Windows\system32\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV - (psdvdisk [Auto | Running]) -- C:\Windows\system32\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\system32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (SASDIFSV [System | Running]) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (UBHelper [Boot | Running]) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (upperdev [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbser [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVGLS\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVGLS\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/22 15:22:47 | 02,668,298 | -H-- | C] () -- C:\Users\Pat\AppData\Local\IconCache.db
[2009/04/22 15:11:54 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/22 15:01:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/22 15:00:14 | 00,000,569 | ---- | C] () -- C:\Users\Pat\Desktop\NTREGOPT.lnk
[2009/04/22 15:00:14 | 00,000,556 | ---- | C] () -- C:\Users\Pat\Desktop\ERUNT.lnk
[2009/04/22 13:19:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/04/22 13:18:43 | 00,000,700 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/22 13:18:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
[2009/04/22 13:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/22 12:21:37 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/04/22 11:17:13 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/04/22 11:17:13 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/04/22 10:15:35 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/04/22 10:15:21 | 25,398,8861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/22 09:20:06 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/22 08:32:35 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Xilisoft Corporation
[2009/04/21 21:20:58 | 00,251,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/04/21 21:20:57 | 00,108,296 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/04/21 21:20:52 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/21 21:20:51 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8ls
[2009/04/21 18:07:50 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Malwarebytes
[2009/04/21 18:07:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/21 18:07:35 | 00,000,620 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/21 18:07:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/21 18:07:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/21 16:44:28 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VCdRom.sys
[2009/04/21 12:01:04 | 00,000,000 | ---D | C] -- C:\ProgramData\WeFi
[2009/04/21 12:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\WeFi
[2009/04/21 11:15:15 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\DVDFab
[2009/04/21 10:46:53 | 00,010,344 | ---- | C] () -- C:\Users\Pat\Documents\DVD's.ods
[2009/04/20 22:10:07 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Thinstall
[2009/04/20 22:10:07 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Thinstall
[2009/04/20 21:57:50 | 00,000,000 | ---D | C] -- C:\Users\Pat\Desktop\TriblerDownloads
[2009/04/20 21:57:49 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\.Tribler
[2009/04/20 21:57:21 | 00,000,622 | ---- | C] () -- C:\Users\Pat\Desktop\Tribler.lnk
[2009/04/19 19:01:03 | 00,299,552 | ---- | C] () -- C:\Windows\wmsysprx.prx
[2009/04/19 18:59:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\Acoustica
[2009/04/19 18:59:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Acoustica
[2009/04/19 17:37:09 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Canon
[2009/04/19 08:08:36 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\HiT-MM
[2009/04/19 08:04:42 | 00,001,070 | ---- | C] () -- C:\Users\Pat\Desktop\Hidden in Time - Mirror Mirror.lnk
[2009/04/19 07:47:03 | 43,025,744 | ---- | C] (Big Fish Games ) -- C:\Users\Pat\Desktop\Hidden in Time Mirror Mirror Strategy Guide.exe
[2009/04/18 22:38:56 | 00,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack
[2009/04/18 22:38:18 | 00,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2009/04/18 22:05:30 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\PowerCinema
[2009/04/18 22:04:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/04/18 21:57:15 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/04/18 21:54:42 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Media Player Classic
[2009/04/18 21:50:21 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2009/04/18 21:50:21 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/04/18 21:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/04/18 21:42:50 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/04/18 21:42:42 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/04/18 21:42:42 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/04/18 21:24:26 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/04/18 20:54:02 | 00,006,144 | ---- | C] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 20:41:53 | 00,010,071 | ---- | C] () -- C:\Users\Pat\Documents\CarRepayments.ods
[2009/04/18 19:24:05 | 00,082,193 | ---- | C] () -- C:\Users\Pat\Documents\3dglasses.pdf
[2009/04/18 16:32:55 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\uTorrent
[2009/04/18 08:00:35 | 00,001,032 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2009/04/18 07:59:55 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\OpenOffice.org
[2009/04/18 07:13:13 | 00,001,422 | ---- | C] () -- C:\Users\Pat\Documents\ult_intrvl.bas
[2009/04/17 20:33:02 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\WinRAR
[2009/04/17 20:31:16 | 00,000,000 | ---D | C] -- C:\Windows\WinRAR
[2009/04/17 18:14:00 | 00,123,891 | ---- | C] () -- C:\Users\Pat\Documents\IMG.jpg
[2009/04/17 17:17:36 | 00,000,680 | ---- | C] () -- C:\Users\Pat\AppData\Local\d3d9caps.dat
[2009/04/16 21:14:06 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\E-Books
[2009/04/16 17:55:38 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\2talkPhone
[2009/04/16 17:41:25 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2009/04/16 17:40:27 | 00,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2009/04/16 07:14:31 | 00,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2009/04/16 07:14:31 | 00,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2009/04/16 07:14:31 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2009/04/16 07:14:31 | 00,054,784 | RHS- | C] (RadLight) -- C:\Windows\System32\RLAPEDec.ax
[2009/04/16 07:14:31 | 00,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2009/04/16 07:14:31 | 00,037,888 | RHS- | C] (RadLight) -- C:\Windows\System32\RLMPCDec.ax
[2009/04/16 07:14:30 | 00,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2009/04/16 07:14:30 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2009/04/16 07:14:30 | 00,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2009/04/16 07:14:30 | 00,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2009/04/16 07:14:30 | 00,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2009/04/16 07:14:30 | 00,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2009/04/16 07:14:30 | 00,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2009/04/16 07:14:30 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2009/04/16 07:14:30 | 00,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2009/04/16 07:14:30 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2009/04/16 06:55:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/04/16 06:52:01 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/04/16 06:51:56 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/16 06:46:47 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/04/16 06:46:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/04/16 06:46:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/16 06:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2009/04/16 05:39:25 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\IsolatedStorage
[2009/04/16 05:39:16 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\Family Tree Maker
[2009/04/16 05:39:02 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\The_Generations_Network
[2009/04/16 05:38:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/16 05:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/04/16 05:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
[2009/04/15 21:37:31 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\CD-LabelPrint
[2009/04/15 21:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/04/15 21:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\CD-LabelPrint
[2009/04/15 21:31:50 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2009/04/15 21:31:38 | 00,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2009/04/15 21:30:38 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/04/15 21:03:10 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\DVDFab
[2009/04/15 20:44:46 | 00,000,668 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\vso_ts_preview.xml
[2009/04/15 20:43:34 | 00,087,608 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\inst.exe
[2009/04/15 20:43:34 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/04/15 20:43:34 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Pat\AppData\Roaming\pcouffin.sys
[2009/04/15 20:43:34 | 00,007,887 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\pcouffin.cat
[2009/04/15 20:43:34 | 00,001,144 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\pcouffin.inf
[2009/04/15 20:43:34 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\PcSetup
[2009/04/15 20:43:34 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Vso
[2009/04/15 20:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/04/15 20:08:47 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/04/15 19:06:05 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2009/04/15 19:04:56 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/04/15 18:44:43 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\PC Suite
[2009/04/15 18:44:16 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2009/04/15 18:44:15 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Nokia
[2009/04/15 18:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2009/04/15 18:41:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2009/04/15 18:41:15 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/04/15 18:41:13 | 00,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2009/04/15 18:40:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/04/15 18:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2009/04/15 18:38:15 | 00,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2009/04/15 18:36:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Installations
[2009/04/15 16:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/04/15 16:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/04/15 16:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/04/15 16:07:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/04/15 15:28:54 | 00,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2009/04/15 15:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\NZ Open Autorouting GPS Project
[2009/04/15 15:15:10 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\My Garmin
[2009/04/15 15:15:09 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\GARMIN
[2009/04/15 15:11:46 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/04/15 14:57:53 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\Downloads
[2009/04/15 14:56:23 | 00,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1930057645-3519687672-4227020109-1000.job
[2009/04/15 14:55:42 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Apps
[2009/04/15 14:55:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Deployment
[2009/04/15 14:37:37 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\Bluetooth Exchange Folder
[2009/04/15 14:35:48 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/15 14:35:47 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\skypePM
[2009/04/15 14:34:50 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Skype
[2009/04/15 14:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/15 14:34:37 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/15 14:26:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/04/15 14:22:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/04/15 14:08:04 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/04/15 14:08:03 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/04/15 14:08:03 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/04/15 14:08:03 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/04/15 14:08:03 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/04/15 14:08:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/04/15 14:08:01 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/04/15 14:08:00 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/04/15 14:02:32 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/04/15 14:02:30 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/04/15 14:02:28 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/04/15 14:02:21 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/04/15 14:02:19 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/04/15 14:00:35 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/04/15 14:00:33 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/15 14:00:33 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 14:00:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 14:00:33 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 14:00:33 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 14:00:25 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/15 14:00:25 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/15 14:00:25 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/15 14:00:25 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/15 14:00:24 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 14:00:24 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 14:00:24 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 14:00:24 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 14:00:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/15 14:00:24 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 14:00:09 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/04/15 14:00:09 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/04/15 14:00:09 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/04/15 14:00:08 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/04/15 14:00:08 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/04/15 14:00:03 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/04/15 14:00:02 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/04/15 14:00:00 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/04/15 14:00:00 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/04/15 13:59:58 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/04/15 13:59:58 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/04/15 13:59:57 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/04/15 13:59:57 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/04/15 13:59:53 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/04/15 13:59:52 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/04/15 13:59:52 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/04/15 13:59:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/04/15 13:59:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/04/15 13:59:50 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/04/15 13:59:47 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/04/15 13:59:41 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/04/15 13:59:40 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/15 13:59:38 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/04/15 13:59:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/04/15 13:59:38 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/04/15 13:59:36 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/04/15 13:59:34 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 13:59:34 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/15 13:59:33 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/15 13:59:32 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 13:59:31 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/04/15 13:59:05 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/04/15 13:59:03 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/04/15 13:59:03 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/04/15 13:59:03 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/15 13:59:03 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/04/15 13:59:03 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/04/15 13:59:01 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/04/15 13:58:55 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/15 13:58:54 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/15 13:58:54 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/15 13:58:53 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/15 13:58:53 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/15 13:58:53 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/15 13:58:53 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/15 13:58:53 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/15 13:58:53 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/15 13:58:53 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/15 13:58:53 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/15 13:58:53 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/15 13:58:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/15 13:58:52 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/15 13:58:52 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/15 13:58:50 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/04/15 13:58:49 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/04/15 13:58:49 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/04/15 13:55:49 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/04/15 13:49:55 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/04/15 13:49:55 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/04/15 13:49:55 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/04/15 13:49:55 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/04/15 13:49:39 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/04/15 13:49:39 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/04/15 13:49:39 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/04/15 13:49:31 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/04/15 13:49:31 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/04/15 13:46:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2009/04/15 13:46:22 | 00,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009/04/15 13:46:22 | 00,108,560 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/04/15 13:46:22 | 00,068,112 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/04/15 13:46:22 | 00,028,688 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/04/15 13:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/04/15 13:44:16 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/04/15 13:29:16 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Adobe
[2009/04/15 13:23:33 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Seven Zip
[2009/04/15 12:54:17 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Roaming\.#
[2009/04/15 12:53:44 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\CyberLink
[2009/04/15 12:53:40 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\SoftDMA
[2009/04/15 12:53:34 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\CyberLink
[2009/04/15 11:57:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\Documents\My Google Gadgets
[2009/04/15 11:57:30 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Macromedia
[2009/04/15 11:57:29 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\PlayMovie
[2009/04/15 11:57:26 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\PowerCinema
[2009/04/15 11:57:19 | 00,073,056 | ---- | C] () -- C:\Users\Pat\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/04/15 11:57:08 | 00,000,402 | -HS- | C] () -- C:\Users\Pat\Documents\desktop.ini
[2009/04/15 11:57:08 | 00,000,174 | -HS- | C] () -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/15 11:57:07 | 00,000,282 | -HS- | C] () -- C:\Users\Pat\Desktop\desktop.ini
[2009/04/15 11:56:54 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Identities
[2009/04/15 11:56:44 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Google
[2009/04/15 11:56:44 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Google
[2009/04/15 11:56:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/04/15 11:55:59 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/04/15 11:55:11 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\VirtualStore
[2009/04/15 11:55:06 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\Temporary Internet Files
[2009/04/15 11:55:05 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\History
[2009/04/15 11:55:05 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\Application Data
[2009/04/15 11:55:04 | 00,000,000 | --SD | C] -- C:\Users\Pat\AppData\Roaming\Microsoft
[2009/04/15 11:55:04 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Media Center Programs
[2009/04/15 11:55:04 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Acer GameZone Console
[2009/04/15 11:55:04 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Temp
[2009/04/15 11:55:04 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Microsoft
[2009/04/06 03:18:46 | 00,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/05 20:37:12 | 00,000,395 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\settings.ini
[2009/03/30 01:57:56 | 00,062,149 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2008/12/12 14:28:15 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008/12/12 14:13:29 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/12/12 13:49:24 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/12/12 13:47:27 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/12 13:47:27 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/12 13:43:26 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/12/07 14:08:06 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/07 14:08:04 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/04/30 21:56:55 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 21:54:06 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 21:54:06 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 20:09:06 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 20:09:01 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 20:09:01 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 20:09:01 | 00,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/09/04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/03/29 22:00:40 | 00,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/02/05 21:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/03 00:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 22:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 22:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 19:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 11:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/15 08:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 18:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 11:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 17:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[2009/04/22 15:31:19 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/22 15:31:19 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/22 15:31:19 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/22 15:24:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/22 15:24:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 15:24:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 15:24:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/22 15:23:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/04/22 15:22:47 | 02,668,298 | -H-- | M] () -- C:\Users\Pat\AppData\Local\IconCache.db
[2009/04/22 15:00:14 | 00,000,569 | ---- | M] () -- C:\Users\Pat\Desktop\NTREGOPT.lnk
[2009/04/22 15:00:14 | 00,000,556 | ---- | M] () -- C:\Users\Pat\Desktop\ERUNT.lnk
[2009/04/22 13:18:43 | 00,000,700 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/22 12:55:18 | 25,398,8861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/22 09:20:06 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/21 21:20:58 | 00,251,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/04/21 21:20:57 | 00,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/04/21 18:07:35 | 00,000,620 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/21 17:46:19 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/04/21 16:38:10 | 00,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2009/04/21 15:05:05 | 00,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1930057645-3519687672-4227020109-1000.job
[2009/04/21 10:52:57 | 00,010,344 | ---- | M] () -- C:\Users\Pat\Documents\DVD's.ods
[2009/04/20 21:57:21 | 00,000,622 | ---- | M] () -- C:\Users\Pat\Desktop\Tribler.lnk
[2009/04/20 17:52:52 | 00,000,668 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\vso_ts_preview.xml
[2009/04/20 06:51:22 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 20:22:46 | 00,006,144 | ---- | M] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 19:16:49 | 00,000,680 | ---- | M] () -- C:\Users\Pat\AppData\Local\d3d9caps.dat
[2009/04/19 08:04:42 | 00,001,070 | ---- | M] () -- C:\Users\Pat\Desktop\Hidden in Time - Mirror Mirror.lnk
[2009/04/19 08:02:59 | 43,025,744 | ---- | M] (Big Fish Games ) -- C:\Users\Pat\Desktop\Hidden in Time Mirror Mirror Strategy Guide.exe
[2009/04/18 21:50:30 | 00,087,608 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\inst.exe
[2009/04/18 21:50:30 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\Pat\AppData\Roaming\pcouffin.sys
[2009/04/18 21:50:30 | 00,007,887 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\pcouffin.cat
[2009/04/18 21:50:30 | 00,001,144 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\pcouffin.inf
[2009/04/18 21:42:42 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/04/18 21:42:42 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/18 20:44:46 | 00,010,071 | ---- | M] () -- C:\Users\Pat\Documents\CarRepayments.ods
[2009/04/18 19:24:05 | 00,082,193 | ---- | M] () -- C:\Users\Pat\Documents\3dglasses.pdf
[2009/04/18 08:00:35 | 00,001,032 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2009/04/18 07:50:51 | 00,123,891 | ---- | M] () -- C:\Users\Pat\Documents\IMG.jpg
[2009/04/18 07:13:13 | 00,001,422 | ---- | M] () -- C:\Users\Pat\Documents\ult_intrvl.bas
[2009/04/16 06:51:02 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/04/16 03:48:30 | 00,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/04/15 20:43:34 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/04/15 19:08:59 | 00,073,056 | ---- | M] () -- C:\Users\Pat\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/04/15 19:07:59 | 00,309,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/15 19:06:05 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2009/04/15 19:04:56 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/04/15 14:35:48 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/04/15 13:46:21 | 00,155,384 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2009/04/15 13:46:21 | 00,108,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/04/15 13:46:21 | 00,068,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/04/15 13:46:21 | 00,028,688 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/04/15 11:58:36 | 00,000,201 | ---- | M] () -- C:\Windows\USER.XML
[2009/04/15 11:57:08 | 00,000,402 | -HS- | M] () -- C:\Users\Pat\Documents\desktop.ini
[2009/04/15 11:57:08 | 00,000,174 | -HS- | M] () -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/15 11:57:07 | 00,000,282 | -HS- | M] () -- C:\Users\Pat\Desktop\desktop.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/06 03:18:46 | 00,084,480 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/05 20:37:12 | 00,000,395 | ---- | M] () -- C:\Users\Pat\AppData\Roaming\settings.ini
[2009/03/30 01:57:56 | 00,062,149 | ---- | M] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:FC1E84C9
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C07A6A6B
< End of report >
============================================================================================

OTListIt Extras logfile created on: 22/04/2009 3:30:11 p.m. - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Pat\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.93 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 46.95% Memory free
4.00 Gb Paging File | 2.74 Gb Available in Paging File | 68.41% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 93.58 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 109.79 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAT-PC
Current User Name: Pat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{7078B4DE-B9C5-45D2-845C-F67F9BD8065D}" = Garmin Mobile PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}" = EasyWeather
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"2talkPhone" = 2talkPhone 2.1
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avg8LsUninstall" = AVG LinkScanner® 8.5
"BitComet" = BitComet 1.10
"CanonMyPrinter" = Canon Utilities My Printer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"Dynamic-Photo HDR 4_is1" = Dynamic-Photo HDR 4.3
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Maker 2009" = Family Tree Maker 2009
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hidden in Time - Mirror Mirror 1.00" = Hidden in Time - Mirror Mirror 1.00
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Neat Image_is1" = Neat Image v6.0 Pro+
"Nokia PC Suite" = Nokia PC Suite
"NZ Open Autorouting GPS Project" = NZ Open Autorouting GPS Project Version - Refer to filename prefix yyyymmdd
"POKATUninstall_is1" = POKATreader
"Revo Uninstaller" = Revo Uninstaller 1.80
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tribler" = Tribler (remove only)
"WeFi" = WeFi 3.6.0.7
"WinRAR" = WinRAR
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/04/2009 7:32:50 p.m. | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application UPNP.exe, version 1.0.6.8, time stamp 0x46683866,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00044675, process id 0x880, application start time
0x01c9c21051ba5867.

Error - 20/04/2009 8:08:50 p.m. | Computer Name = Pat-PC | Source = VSS | ID = 8194
Description =

Error - 20/04/2009 8:14:09 p.m. | Computer Name = Pat-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2009 1:46:09 a.m. | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application sched.exe, version 9.0.0.5, time stamp 0x49afd481,
faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception
code 0xc0000417, fault offset 0x0006c955, process id 0x590, application start time
0x01c9c2447604a3b8.

Error - 21/04/2009 1:46:11 a.m. | Computer Name = Pat-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2009 1:54:39 a.m. | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application sched.exe, version 9.0.0.5, time stamp 0x49afd481,
faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception
code 0xc0000417, fault offset 0x0006c955, process id 0x42c, application start time
0x01c9c245a74df541.

Error - 21/04/2009 1:54:47 a.m. | Computer Name = Pat-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2009 2:00:16 a.m. | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application sched.exe, version 9.0.0.5, time stamp 0x49afd481,
faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception
code 0xc0000417, fault offset 0x0006c955, process id 0x550, application start time
0x01c9c24670044f57.

Error - 21/04/2009 2:00:25 a.m. | Computer Name = Pat-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2009 2:37:05 a.m. | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application UPNP.exe, version 1.0.6.8, time stamp 0x46683866,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00044675, process id 0x1698, application start time
0x01c9c24b95a1d1b7.

[ System Events ]
Error - 18/04/2009 2:47:51 p.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/04/2009 2:47:51 p.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 18/04/2009 3:49:41 p.m. | Computer Name = Pat-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
00216B059C04 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 19/04/2009 12:20:11 a.m. | Computer Name = Pat-PC | Source = HTTP | ID = 15016
Description =

Error - 19/04/2009 12:20:31 a.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/04/2009 12:20:31 a.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 19/04/2009 12:56:12 a.m. | Computer Name = Pat-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
00216B059C04 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 19/04/2009 2:31:40 p.m. | Computer Name = Pat-PC | Source = HTTP | ID = 15016
Description =

Error - 19/04/2009 2:32:05 p.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/04/2009 2:32:05 p.m. | Computer Name = Pat-PC | Source = Service Control Manager | ID = 7024
Description =


< End of report >
=========================================================================================

Thanks for any help with this