Win32/Alureon.H [Closed]


  • This topic is locked

#1
bro1

Attached File  Extras.Txt   38.75KB   124 downloads

Welcome to Geeks to Go, aj95023.

I will be helping you with your malware issues.

Before we get started, please read the following.

  • Please completely read through all instructions given you before attempting to follow them. If you are confused about any part of the instructions, post back with your questions and we'll figure things out.
  • Please post all logs in their entirety. DO NOT attach logs to a post unless I ask you to do that. Rather copy and paste the contents of the logs directly into the post.
  • Please refrain from running any tools or otherwise performing any fixes other than what I ask you to do.
  • Finally, do not PM me directly for help. If you have any questions, post them in this topic.


You really shouldn't run ComboFix without being advised to do so.




Continue with these scans.



»» Step 1 ««

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.




»» Step 2 ««

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





»» Step 3 ««

OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    ahcix86s.sys
    KR10N.sys
    nvstor32.sys
    nvrd32.sys
    explorer.exe
    svchost.exe
    userinit.exe
    symmpi.sys
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    srsvc.dll
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.





»» Step 4 ««

Post Logs
Please post back with the following information:
  • GMER Log
  • MBAM Log
  • OTL Log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 22:32:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: G:\DOCUME~1\CARLBR~1\LOCALS~1\Temp\fxldqpod.sys


---- User code sections - GMER 1.0.15 ----

.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100EC20C G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100EC3DC G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text G:\WINDOWS\System32\svchost.exe[1276] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02F0000A
.text G:\WINDOWS\System32\svchost.exe[1276] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02EF000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100EC20C G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100EC3DC G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT G:\Program Files\Internet Explorer\iexplore.exe[2684] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] G:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C6200 [email protected] 3252796
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C6200 series (Copy 1)@ChangeID 3252796

---- Files - GMER 1.0.15 ----

File G:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt 0 bytes

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4110

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/17/2010 10:52:30 PM
mbam-log-2010-05-17 (22-52-30).txt

Scan type: Quick scan
Objects scanned: 122684
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rxbktyjc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
G:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
G:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

Files Infected:
G:\Program Files\BitDownload\BitDownload Setup Components (Trojan.Swizzor) -> Quarantined and deleted successfully.


OTL logfile created on: 5/17/2010 11:04:30 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = G:\Documents and Settings\Carl Bright\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): G:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 34.96 Gb Total Space | 23.82 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 10.32 Gb Total Space | 3.80 Gb Free Space | 36.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 136.11 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CPR4000
Current User Name: Carl Bright
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - G:\Documents and Settings\Carl Bright\Desktop\OTL.exe (OldTimer Tools)
PRC - G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - G:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Documents and Settings\Carl Bright\Local Settings\Temp\Rar$EX02.328\gmer.exe ()
PRC - G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - G:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - G:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - G:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
PRC - G:\Program Files\RAXCO\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
PRC - G:\Program Files\RAXCO\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - G:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - G:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - G:\Program Files\WinRAR\WinRAR.exe ()
PRC - G:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Modules (SafeList) ==========

MOD - G:\Documents and Settings\Carl Bright\Desktop\OTL.exe (OldTimer Tools)
MOD - G:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- G:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- G:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ZuneNetworkSvc) -- g:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- G:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- G:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (aawservice) -- G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (PDEngine) -- G:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- G:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (Dcfssvc) -- G:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- G:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgTdiX) -- G:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- G:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- G:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (zumbus) -- G:\WINDOWS\system32\drivers\zumbus.sys (Microsoft Corporation)
DRV - (HDAudBus) -- G:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (S3GIGP) -- G:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (videX32) -- G:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- G:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- G:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- G:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (VNICPKT5) -- G:\WINDOWS\system32\VNICPKT5.sys (VIA Technologies, Inc.)
DRV - (DefragFS) -- G:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (AsIO) -- G:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (ndiscm) -- G:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (MTsensor) -- G:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (filter) -- G:\WINDOWS\system32\drivers\filter.sys (Walter Oney Software)
DRV - (PalmUSBD) -- G:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Exportit) -- G:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcCam) -- G:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (usbcm) -- G:\WINDOWS\system32\drivers\usbcm.sys (Microsystems Corp)
DRV - (DcFpoint) -- G:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DcPTP) -- G:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- G:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcLps) -- G:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - G:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: G:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/24 22:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: G:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 17:10:20 | 000,000,000 | ---D | M]

[2010/01/22 09:11:27 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla\Extensions
[2010/01/22 09:11:27 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/06/02 08:08:41 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla\Extensions\[email protected]
[2010/01/22 09:13:02 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla\Firefox\Profiles\p339kv8a.default\extensions
[2010/01/22 09:13:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla\Firefox\Profiles\p339kv8a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (live-tv-software Toolbar) - {9adbbe57-3893-4392-aed6-e6cc7ba3d6f5} - G:\Program Files\live-tv-software\tbliv0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (live-tv-software Toolbar) - {9adbbe57-3893-4392-aed6-e6cc7ba3d6f5} - G:\Program Files\live-tv-software\tbliv0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (live-tv-software Toolbar) - {9ADBBE57-3893-4392-AED6-E6CC7BA3D6F5} - G:\Program Files\live-tv-software\tbliv0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - G:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - G:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] G:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] G:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FlashIcon] G:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe (Neodio Corp.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [ISTray] G:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [Microsoft Works Portfolio] G:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] G:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PrinTray] G:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [RTHDCPL] G:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [rxbktyjc] G:\Documents and Settings\Carl Bright\Local Settings\Application Data\adhqxqpli\cneskustssd.exe File not found
O4 - HKLM..\Run: [S3Trayp] G:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SkyTel] G:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] G:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WorksFUD] G:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Zune Launcher] g:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] G:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - G:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driverage...driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - G:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - G:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\userinit.exe) - G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - G:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - G:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - G:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - G:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - G:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - G:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - G:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - G:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - G:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - G:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: G:\Documents and Settings\Carl Bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Carl Bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - G:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - G:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - G:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - G:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - G:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/20 08:10:33 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e68500c-f89d-11dd-97a1-000e9b0668a5}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - G:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - G:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - G:\WINDOWS\system32\ias [2007/11/26 16:14:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - G:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - G:\WINDOWS\system32\drivers\filter.sys (Walter Oney Software)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - G:\WINDOWS\system32\drivers\filter.sys (Walter Oney Software)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - G:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - g:\WINDOWS\system32\Rundll32.exe g:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - G:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - G:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - G:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "G:\WINDOWS\system32\rundll32.exe" "G:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - G:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - G:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - G:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - G:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - G:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - G:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - G:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

========== Files/Folders - Created Within 30 Days ==========

[2100/02/08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- G:\Program Files\ACMonitor_X73.exe
[2010/05/17 22:59:19 | 000,571,392 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\Carl Bright\Desktop\OTL.exe
[2010/05/17 22:41:37 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Carl Bright\Application Data\Malwarebytes
[2010/05/17 22:41:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/17 22:41:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/05/17 22:41:26 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2010/05/17 22:41:26 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/17 21:02:36 | 000,221,568 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\MpSigStub.exe
[2010/05/17 20:02:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\PC Tools
[2010/05/17 19:56:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Carl Bright\Application Data\GetRightToGo
[2010/05/15 07:18:16 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/15 07:18:14 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/13 07:50:53 | 000,000,000 | ---D | C] -- G:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/05/13 07:50:51 | 000,000,000 | ---D | C] -- G:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/05/13 07:50:51 | 000,000,000 | ---D | C] -- G:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/05/13 07:50:51 | 000,000,000 | ---D | C] -- G:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/05/10 11:57:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/08 22:23:51 | 000,000,000 | ---D | C] -- G:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/08 22:18:38 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Carl Bright\Local Settings\Application Data\adhqxqpli
[2007/11/26 16:41:49 | 000,073,728 | ---- | C] ( ) -- G:\WINDOWS\System32\VNICPKT.DLL
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/17 23:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At24.job
[2010/05/17 22:57:48 | 000,571,392 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Carl Bright\Desktop\OTL.exe
[2010/05/17 22:41:30 | 000,000,696 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At23.job
[2010/05/17 21:24:39 | 000,284,915 | ---- | M] () -- G:\Documents and Settings\Carl Bright\Desktop\gmer.zip
[2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At22.job
[2010/05/17 20:35:51 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/05/17 20:35:43 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/05/17 20:34:28 | 005,238,784 | ---- | M] () -- G:\Documents and Settings\Carl Bright\ntuser.dat
[2010/05/17 20:34:28 | 000,000,278 | -HS- | M] () -- G:\Documents and Settings\Carl Bright\ntuser.ini
[2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At21.job
[2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At20.job
[2010/05/17 18:35:31 | 060,085,298 | ---- | M] () -- G:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/17 18:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At19.job
[2010/05/17 17:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At18.job
[2010/05/17 16:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At17.job
[2010/05/17 15:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At16.job
[2010/05/17 14:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At15.job
[2010/05/17 13:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At14.job
[2010/05/17 12:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At13.job
[2010/05/17 11:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At12.job
[2010/05/17 10:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At11.job
[2010/05/17 09:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At10.job
[2010/05/17 08:00:01 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At9.job
[2010/05/17 07:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At8.job
[2010/05/17 06:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At7.job
[2010/05/17 05:17:25 | 000,000,434 | -H-- | M] () -- G:\WINDOWS\tasks\User_Feed_Synchronization-{758E7D06-9256-4A8D-8B56-5006FE6A1FE1}.job
[2010/05/17 05:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At6.job
[2010/05/17 04:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At5.job
[2010/05/17 03:04:05 | 000,000,175 | ---- | M] () -- G:\WINDOWS\System32\MRT.INI
[2010/05/17 03:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At4.job
[2010/05/17 02:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At3.job
[2010/05/17 01:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At2.job
[2010/05/17 00:33:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\tasks\At1.job
[2010/05/16 07:40:57 | 000,013,646 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/05/13 13:52:34 | 000,054,156 | -H-- | M] () -- G:\WINDOWS\QTFont.qfn
[2010/05/09 15:22:33 | 000,001,146 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/05/09 15:22:33 | 000,000,284 | ---- | M] () -- G:\WINDOWS\system.ini
[2010/05/09 08:26:11 | 000,001,409 | ---- | M] () -- G:\WINDOWS\QTFont.for
[2010/05/08 23:49:36 | 004,265,100 | -H-- | M] () -- G:\Documents and Settings\Carl Bright\Local Settings\Application Data\IconCache.db
[2010/05/08 23:05:10 | 000,380,416 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\rstrui.exe
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\MpSigStub.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 09:37:07 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\WINDOWS\System32\drivers\avgtdix.sys
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 15:35:34 | 000,000,768 | ---- | C] () -- G:\Program Files\x73_lut.dat
[2100/02/08 16:53:34 | 000,001,437 | ---- | C] () -- G:\Program Files\gtx73.ini
[2010/05/17 22:41:30 | 000,000,696 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/17 21:24:39 | 000,284,915 | ---- | C] () -- G:\Documents and Settings\Carl Bright\Desktop\gmer.zip
[2010/05/17 03:04:05 | 000,000,175 | ---- | C] () -- G:\WINDOWS\System32\MRT.INI
[2010/05/09 18:41:07 | 000,000,434 | -H-- | C] () -- G:\WINDOWS\tasks\User_Feed_Synchronization-{758E7D06-9256-4A8D-8B56-5006FE6A1FE1}.job
[2010/05/09 14:47:13 | 005,238,784 | ---- | C] () -- G:\Documents and Settings\Carl Bright\ntuser.dat
[2010/05/09 08:26:11 | 000,054,156 | -H-- | C] () -- G:\WINDOWS\QTFont.qfn
[2010/05/09 08:26:11 | 000,001,409 | ---- | C] () -- G:\WINDOWS\QTFont.for
[2009/05/07 16:49:31 | 000,000,000 | ---- | C] () -- G:\WINDOWS\hpqEmlSz.INI
[2009/01/26 01:39:16 | 000,000,388 | ---- | C] () -- G:\WINDOWS\System32\gmsblist.dll
[2008/07/16 22:16:12 | 000,000,376 | ---- | C] () -- G:\WINDOWS\ODBC.INI
[2008/07/15 08:59:03 | 000,000,062 | ---- | C] () -- G:\WINDOWS\ANS2000.INI
[2008/07/15 08:59:03 | 000,000,020 | -H-- | C] () -- G:\WINDOWS\akebook.ini
[2008/07/15 08:59:03 | 000,000,004 | -H-- | C] () -- G:\WINDOWS\a3kebook.ini
[2008/07/13 09:30:42 | 000,000,754 | ---- | C] () -- G:\WINDOWS\WORDPAD.INI
[2007/12/13 17:25:26 | 000,000,000 | ---- | C] () -- G:\WINDOWS\MSDraw.ini
[2007/11/27 19:50:06 | 000,000,116 | ---- | C] () -- G:\WINDOWS\NeroDigital.ini
[2007/11/26 18:13:49 | 000,013,421 | ---- | C] () -- G:\WINDOWS\Ascd_tmp.ini
[2007/11/26 18:13:33 | 000,010,288 | ---- | C] () -- G:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/11/26 17:00:10 | 000,024,576 | ---- | C] () -- G:\WINDOWS\System32\AsIO.dll
[2007/11/26 17:00:10 | 000,004,962 | ---- | C] () -- G:\WINDOWS\System32\drivers\AsIO.sys
[2007/11/26 16:59:54 | 000,005,810 | ---- | C] () -- G:\WINDOWS\System32\drivers\ASACPI.sys
[2007/11/26 16:59:02 | 000,069,632 | ---- | C] () -- G:\WINDOWS\System32\vuins32.dll
[2007/11/26 16:38:30 | 002,465,280 | ---- | C] () -- G:\WINDOWS\System32\s3gcil_inv.dll
[2006/02/28 08:00:00 | 000,755,200 | ---- | C] () -- G:\WINDOWS\System32\ir50_32.dll
[2006/02/28 08:00:00 | 000,338,432 | ---- | C] () -- G:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 08:00:00 | 000,200,192 | ---- | C] () -- G:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 08:00:00 | 000,183,808 | ---- | C] () -- G:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 08:00:00 | 000,120,320 | ---- | C] () -- G:\WINDOWS\System32\ir41_qc.dll
[2004/05/28 00:21:46 | 000,073,728 | ---- | C] () -- G:\WINDOWS\System32\FlashIcon.dll
[2001/10/12 03:42:51 | 000,032,768 | ---- | C] () -- G:\WINDOWS\System32\LXARICO.DLL
[2001/10/12 03:42:49 | 000,000,643 | ---- | C] () -- G:\WINDOWS\LEXSTAT.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- G:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- G:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/05/15 06:48:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/01 20:36:21 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\avg9
[2009/01/07 21:25:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/01/10 11:19:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/09/14 21:39:39 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\SkyGolf
[2010/05/17 20:34:16 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Temp
[2009/02/11 20:34:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/03 13:17:21 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/15 21:34:38 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\GARMIN
[2010/05/17 20:01:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\GetRightToGo
[2009/01/08 12:21:11 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\LimeWire
[2007/11/27 20:08:27 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Pixela
[2009/01/10 11:19:04 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\PlayFirst
[2007/11/27 16:51:02 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Simple Star
[2009/10/28 16:08:19 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\SkyGolf
[2007/12/13 17:21:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Template
[2008/06/02 08:08:38 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\TomTom
[2010/05/17 00:33:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At1.job
[2010/05/17 09:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At10.job
[2010/05/17 10:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At11.job
[2010/05/17 11:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At12.job
[2010/05/17 12:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At13.job
[2010/05/17 13:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At14.job
[2010/05/17 14:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At15.job
[2010/05/17 15:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At16.job
[2010/05/17 16:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At17.job
[2010/05/17 17:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At18.job
[2010/05/17 18:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At19.job
[2010/05/17 01:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At2.job
[2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At20.job
[2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At21.job
[2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At22.job
[2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At23.job
[2010/05/17 23:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At24.job
[2010/05/17 02:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At3.job
[2010/05/17 03:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At4.job
[2010/05/17 04:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At5.job
[2010/05/17 05:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At6.job
[2010/05/17 06:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At7.job
[2010/05/17 07:00:00 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At8.job
[2010/05/17 08:00:01 | 000,000,350 | ---- | M] () -- G:\WINDOWS\Tasks\At9.job
[2010/05/17 05:17:25 | 000,000,434 | -H-- | M] () -- G:\WINDOWS\Tasks\User_Feed_Synchronization-{758E7D06-9256-4A8D-8B56-5006FE6A1FE1}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/02/16 10:28:58 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/15 06:48:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/01 20:36:21 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\avg9
[2009/01/10 09:15:49 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Google
[2009/01/08 12:28:35 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/12/01 08:42:58 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\HP
[2009/12/01 08:42:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2007/11/26 16:26:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/17 22:41:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/07/13 09:10:00 | 000,000,000 | --SD | M] -- G:\Documents and Settings\All Users\Application Data\Microsoft
[2009/01/07 21:25:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/07 03:14:56 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\NOS
[2010/05/17 20:34:06 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\PC Tools
[2009/01/10 11:19:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/27 16:55:57 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\QuickTime
[2007/11/26 16:28:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Raxco
[2008/09/14 21:39:39 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\SkyGolf
[2010/05/13 12:57:15 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/17 20:34:16 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Temp
[2009/02/11 20:34:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/08 16:01:04 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\WEBREG
[2007/11/26 18:33:44 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/08/03 13:10:55 | 000,086,016 | ---- | M] () -- G:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
[2010/01/25 08:38:50 | 003,777,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Documents and Settings\All Users\Application Data\Temp\AVG\setup.exe

< %APPDATA%\*. >
[2009/08/03 13:41:24 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Adobe
[2008/10/31 07:05:18 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Ahead
[2009/08/03 13:17:21 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/15 21:34:38 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\GARMIN
[2010/05/17 20:01:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\GetRightToGo
[2008/05/04 11:27:05 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Google
[2008/06/08 07:58:12 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Help
[2009/01/08 15:24:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\HP
[2010/05/09 18:14:04 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\HPAppData
[2010/05/01 19:27:06 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\HpUpdate
[2010/05/13 04:59:22 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Identities
[2009/01/08 12:21:11 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\LimeWire
[2007/11/26 17:03:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Macromedia
[2010/05/17 22:41:37 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Malwarebytes
[2010/05/08 06:15:00 | 000,000,000 | --SD | M] -- G:\Documents and Settings\Carl Bright\Application Data\Microsoft
[2008/07/16 22:14:49 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Microsoft Web Folders
[2008/05/16 07:55:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Move Networks
[2010/01/22 09:10:50 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Mozilla
[2008/01/16 20:03:54 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Nero
[2007/11/27 20:08:27 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Pixela
[2009/01/10 11:19:04 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\PlayFirst
[2007/11/27 16:51:02 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Simple Star
[2009/10/28 16:08:19 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\SkyGolf
[2008/03/23 11:03:42 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Sun
[2007/12/13 17:21:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\Template
[2008/06/02 08:08:38 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Carl Bright\Application Data\TomTom

< %APPDATA%\*.exe /s >
[2008/02/13 22:22:16 | 004,506,256 | ---- | M] (Lime Wire LLC) -- G:\Documents and Settings\Carl Bright\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2009/02/12 05:35:52 | 000,038,208 | ---- | M] () -- G:\Documents and Settings\Carl Bright\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/02/10 00:56:30 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- G:\Documents and Settings\Carl Bright\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009/01/24 22:18:26 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- G:\Documents and Settings\Carl Bright\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\ARPPRODUCTICON.exe
[2009/01/24 22:18:26 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- G:\Documents and Settings\Carl Bright\Application Data\Microsoft\Installer\{9B52B30C-F65C-4244-ABCE-215E46E27AF0}\PalmDesktopShortcut.exe
[2008/01/12 01:11:46 | 000,099,704 | ---- | M] () -- G:\Documents and Settings\Carl Bright\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2008/05/16 07:55:05 | 000,034,050 | ---- | M] () -- G:\Documents and Settings\Carl Bright\Application Data\Move Networks\ie_bin\Uninst.exe


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\I386\sp2.cab:AGP440.sys
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 12:11:35 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/27 12:11:35 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\I386\sp2.cab:atapi.sys
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 12:11:35 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/27 12:11:35 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- G:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- G:\WINDOWS\system32\autochk.exe
[2006/02/28 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- G:\I386\AUTOCHK.EXE
[2006/02/28 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- G:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- G:\WINDOWS\system32\dllcache\beep.sys
[2006/02/28 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- G:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- G:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- G:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- G:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- G:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- G:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- G:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- G:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- G:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- G:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- G:\WINDOWS\system32\imm32.dll
[2006/02/28 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- G:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 12:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- G:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/02/28 08:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- G:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 11:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- G:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- G:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- G:\WINDOWS\system32\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- G:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- G:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- G:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- G:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- G:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2006/02/28 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- G:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- G:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- G:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- G:\WINDOWS\system32\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- G:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- G:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- G:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- G:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- G:\WINDOWS\system32\drivers\ndis.sys
[2006/02/28 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- G:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- G:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 07:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- G:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- G:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- G:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- G:\WINDOWS\system32\drivers\ntfs.sys
[2006/02/28 08:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- G:\I386\NTFS.SYS
[2006/02/28 08:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- G:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- G:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- G:\WINDOWS\system32\ntmssvc.dll
[2006/02/28 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- G:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2006/02/28 08:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- G:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- G:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- G:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- G:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2006/02/28 08:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- G:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- G:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- G:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- G:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- G:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- G:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- G:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2006/02/28 08:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- G:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- G:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- G:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2006/02/28 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- G:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 20:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- G:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- G:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- G:\WINDOWS\system32\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- G:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- G:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- G:\WINDOWS\system32\srsvc.dll
[2006/02/28 08:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- G:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- G:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- G:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- G:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2006/02/28 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- G:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- G:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- G:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- G:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- G:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- G:\WINDOWS\system32\userinit.exe

< MD5 for: VIPRT.SYS >
[2007/03/26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- G:\WINDOWS\system32\drivers\ViPrt.sys

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- G:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- G:\WINDOWS\system32\ws2_32.dll
[2006/02/28 08:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- G:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- G:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- G:\WINDOWS\system32\xmlprov.dll
[2006/02/28 08:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- G:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\dxtrans.dll
[3 G:\WINDOWS\system32\*.tmp files -> G:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/11/26 23:58:18 | 000,094,208 | ---- | M] () -- G:\WINDOWS\system32\config\default.sav
[2007/11/26 23:58:18 | 000,634,880 | ---- | M] () -- G:\WINDOWS\system32\config\software.sav
[2007/11/26 23:58:18 | 000,921,600 | ---- | M] () -- G:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/13 10:19:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\WINDOWS\system32\drivers\avgldx86.sys
[2010/03/13 10:20:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/21 09:37:07 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\drivers\mrxsmb.sys

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> G:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
< End of report >

Attached Files

  • Attached File  GMER.txt   10.35KB   177 downloads
  • Attached File  OTL.Txt   159.21KB   70 downloads



#2
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Can you try this guide?

http://www.geekstogo...ts-t267407.html

#3
bro1


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I am not certain, Rorschach112: are you trying to help me now?

#4
bro1


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Can you try this guide?

http://www.geekstogo...ts-t267407.html


I am not certain, Rorschach112: are you trying to help me now?

#5
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Follow the steps in that link above.

#6
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





