Constant attempts to access malware IPs


  • This topic is locked

#1
therealex

I have MBAM installed (full product), and am getting constant notices about it blocking suspicious IPs. I also get a setup file spontaneously generating in Windows\temp.

When I try to go into Safe Mode, I get this weird high pitched sound (I believe from one of the drives). This doesn't happen when I'm in normal mode or if I boot from an external disk, like UBCD. I've checked the drives repeatedly, and there is nothing physically wrong with them. They pass every test. It's as if something is trying to over-access them in Safe Mode.

When I try to run GMER, I get a BSOD after a short period with a 0x000000f4 error. The same thing happens in regular mode, btw.

Very, very weird. Avast can't find anything, although it occasionally reports stopping a virus. I get spontaneous audio from websites such as travel sites that play for a few seconds.

I have Comodo installed as a firewall, and it doesn't seem to think anything is wrong (Clean PC Mode for Defense & Security Level, and Training Mode for the firewall.)

I've also run Hitman 3.5, and it found a few things but the problem persists.

I'd appreciate any help!


#2
therealex

I seem to have found and neutralized the rootkit infection. I'm still having a problem with GMER bombing out (no BSOD anymore, though) and that weird situation in Safe Mode with the screaming hard drive.
Very odd, and I can't find anything about it online.
As I said, I seem to have found the rootkit and subsequent infections. Please leave this thread open for a day or so, and I can see if it rears its ugly head again!

Edited by therealex, 19 May 2010 - 01:45 PM.


#3
therealex

Okay, I guess I didn't neutralize it. Still getting the re-generating file in Windows\temp, still getting the blocked IP attempts.

Help!

#4
Mjöllnir

Welcome to Geeks to Go, therealex.

I will be helping you with your malware issues.

Before we get started, please read the following.
  • Please completely read through all instructions given you before attempting to follow them. If you are confused about any part of the instructions, post back with your questions and we'll figure things out.
  • Please post all logs in their entirety. DO NOT attach logs to a post unless I ask you to do that. Rather copy and paste the contents of the logs directly into the post.
  • Please refrain from running any tools or otherwise performing any fixes other than what I ask you to do.
  • Finally, do not PM me directly for help. If you have any questions, post them in this topic.



I see you are in GeekU - we'll see if we can't get this problem solved for you.


I need to get a couple of logs to see what is happening on your PC. The screeching sound is new to me, but we'll see if that clears up as we're fixing things.




Let's try a different ark scan.

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post





OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    ahcix86s.sys
    KR10N.sys
    nvstor32.sys
    nvrd32.sys
    explorer.exe
    svchost.exe
    userinit.exe
    symmpi.sys
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    srsvc.dll
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#5
therealex

Hi Mjöllnir,

Problem right from the start! RootRepeal gives me this error when I try to run it:
Exception Address: 0x004eca19 (I've seen this on Google, but not any answer as to why it happens!)

Here's the OTL log. Since I'm training, I'm really curious to see what's on there that I've missed. I saw the dmdcap.sys entry, which is possible malware, but that's about it (except for all the Reg Error: Key error entries).

OTL logfile created on: 5/20/2010 11:45:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.02 Gb Total Space | 14.14 Gb Free Space | 29.44% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.02 Gb Free Space | 23.88% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.75 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.17 Gb Free Space | 56.45% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 23.42 Gb Free Space | 65.41% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.59 Gb Total Space | 31.77 Gb Free Space | 76.39% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 33.99% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.63% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.09 Gb Free Space | 19.19% Space Free | Partition Type: FAT32
Drive O: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 287.04 Gb Free Space | 61.63% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe (Linksys)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - F:\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
PRC - C:\WINDOWS\SYSTEM32\Crypserv.exe (Kenonic Controls Ltd.)
PRC - H:\Roland\VSC32\vscvol.exe (Roland)
PRC - H:\Roland\VSC32\Vsc32Cnf.exe (Roland)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv42SVC) -- File not found
SRV - (RoxWatch9) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (RoxLiveShare9) -- File not found
SRV - (PnkBstrA) -- File not found
SRV - (MSIU-f36decbb) -- File not found
SRV - (MSIU-e9580d6b) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (TomTomHOMEService) -- e:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (RoxLiveShare) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- N:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe (Sonic Solutions)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (UPHClean) -- F:\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (GEARSecurity) -- C:\WINDOWS\SYSTEM32\gearsec.exe (GEAR Software)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (rootrepeal) -- File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (hitmanpro35) -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys ()
DRV - (aswTdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys (ALWIL Software)
DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)
DRV - (afcdp) -- C:\WINDOWS\SYSTEM32\DRIVERS\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (cmdGuard) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdguard.sys (COMODO)
DRV - (L6DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\l6dp.sys (Line 6)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys ()
DRV - (L6TPortB) -- C:\WINDOWS\SYSTEM32\DRIVERS\L6TPortB.sys (Line 6)
DRV - (mcdbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\SYSTEM32\DRIVERS\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SBRE) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys (Sunbelt Software)
DRV - (RTLE8023xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (MPE) -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\yk51x86.sys (Marvell)
DRV - (LVcKap) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys (Logitech Inc.)
DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys (RealNetworks, Inc.)
DRV - (U6000ALL) HDTV110 TV Box(ALL) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmdcap.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (SCDEmu) -- C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys (PowerISO Computing, Inc.)
DRV - (emuumidi) -- C:\WINDOWS\SYSTEM32\DRIVERS\emuumidi.sys (E-MU Systems)
DRV - (mirrorv3) -- C:\WINDOWS\SYSTEM32\DRIVERS\rminiv3.sys (Famatech International Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (RxFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (AnyDVD) -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys (SlySoft, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2k.sys (Sonic Solutions)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (CX23880) -- C:\WINDOWS\SYSTEM32\DRIVERS\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR) -- C:\WINDOWS\SYSTEM32\DRIVERS\cx88xbar.sys (Conexant Systems, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS ()
DRV - (VGAUTI) -- C:\WINDOWS\SYSTEM32\DRIVERS\vgauti.sys ()
DRV - (cmudau) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmudau.sys (C-Media Inc)
DRV - (DgiVecp) -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys (Palm, Inc.)
DRV - (NSNDIS5) -- C:\WINDOWS\SYSTEM32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RD1006) -- C:\WINDOWS\SYSTEM32\DRIVERS\rdwm1006.sys (Roland Corporation)
DRV - (incdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\incdrm.sys (Ahead Software AG)
DRV - (AR5211) -- C:\WINDOWS\SYSTEM32\DRIVERS\ar5211.sys ()
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\SYSTEM32\DRIVERS\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\SYSTEM32\DRIVERS\nvax.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (NVENET) -- C:\WINDOWS\SYSTEM32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (QCPro) Logitech QuickCam Pro USB(PID_D001) -- C:\WINDOWS\SYSTEM32\DRIVERS\p35u.sys (Logitech Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys (Microsoft Corporation)
DRV - (s3legacy) -- C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys (Microsoft Corporation)
DRV - (HCF_MSFT) -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (vsc32) -- C:\WINDOWS\SYSTEM32\DRIVERS\vsc.sys (Roland)
DRV - (RVIEGVST) -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys (Roland)
DRV - (RVIEG01) -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys (Roland)
DRV - (sysid) -- C:\WINDOWS\SYSTEM32\DRIVERS\sysid.sys ()
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (aslm75) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = MSN Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.msn.co...a...1&noredir=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://F%3A%5Cnetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {50997114-a686-4585-8fb9-ce1093a1cf75}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/18 15:14:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 18:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 17:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: f:\netscape\Components [2010/01/18 14:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: f:\netscape\Plugins [2010/05/19 17:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: f:\netscape\Components [2010/01/18 14:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: f:\netscape\Plugins [2010/05/19 17:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]

[2009/06/11 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions
[2008/05/21 22:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/11 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions\[email protected]
[2010/05/20 10:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions
[2010/04/27 21:50:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/15 16:55:49 | 000,000,000 | ---D | M] (audiocandy.com Radio Toolbar) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}
[2009/06/13 14:28:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/01/04 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]
[2008/09/21 18:56:18 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\searchplugins\conduit.xml
[2010/05/20 10:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/13 18:39:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/08 00:40:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 10:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/12/16 11:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/19 17:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/04/10 16:00:54 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/04/10 16:00:54 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2007/03/22 14:57:10 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/01/04 16:57:08 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/01/07 18:14:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/05/03 17:36:48 | 000,493,608 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPil86.dll
[2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2003/11/18 13:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2004/12/14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/01/12 19:07:00 | 002,633,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2005/08/09 13:42:54 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/07/18 15:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/12 13:57:49 | 000,394,487 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13648 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vsc32cnf.exe] h:\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] h:\Roland\VSC32\vscvol.exe (Roland)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .pl - M:\Internet Explorer\PLUGINS\NPSibelius.dll (Sibelius Software Ltd)
O15 - HKCU\..Trusted Domains: accountonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.micros...pha/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} Reg Error: Value error. (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} Reg Error: Value error. (SupportSoft Script Runner Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} Reg Error: Value error. (MetaStreamCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1261064503109 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} Reg Error: Value error. (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1222030767203 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} Reg Error: Value error. (InstallShield International Setup Player)
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} http://aerial.leepa....plugins/NCS.cab (Reg Error: Key error.)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8C6C6922-6258-44AC-9912-53964AC55276} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7998.7923842593 (Reg Error: Key error.)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} Reg Error: Value error. (HeartbeatCtl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} Reg Error: Value error. (ActiveDataObj Class)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} Reg Error: Value error. (Live Collaboration)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} Reg Error: Value error. (IERPCtl Class)
O16 - DPF: ChatSpace Java Client 2.1.0.84 http://63.102.227.45/Java/cs4ms084.cab (Reg Error: Key error.)
O16 - DPF: Dialpad Java Applet http://www.dialpad.c...et/src/vscp.cab (Reg Error: Key error.)
O16 - DPF: Dialpad US Java Applet http://www.dialpad.c...et/src/vscp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\CASTLE.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\CASTLE.BMP
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/05/07 17:24:24 | 000,000,928 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2004/11/19 00:25:40 | 000,000,728 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/15 14:23:36 | 000,000,898 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2000/06/21 17:17:56 | 000,001,014 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O32 - AutoRun File - [2009/05/25 16:18:41 | 000,000,000 | ---D | M] - E:\auto hypnosis -- [ NTFS ]
O32 - AutoRun File - [2009/05/25 21:27:50 | 000,000,000 | ---D | M] - H:\Auto-Tune -- [ NTFS ]
O32 - AutoRun File - [2005/11/06 19:36:30 | 000,000,000 | ---D | M] - M:\autorun - list startup autoruns -- [ FAT32 ]
O32 - AutoRun File - [2007/09/26 23:02:52 | 000,000,063 | R--- | M] () - O:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2004/11/20 02:57:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "tmproxy"
MsConfig - Services: "TmPfw"
MsConfig - Services: "Tmntsrv"
MsConfig - Services: "PcCtlCom"
MsConfig - Services: "AOL TopSpeedMonitor"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "Adobe LM Service"
MsConfig - Services: "RoxLiveShare"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "iPodService"
MsConfig - Services: "GoToMyPC"
MsConfig - Services: "C-DillaCdaC11BA"
MsConfig - Services: "iPod Service"
MsConfig - Services: "UleadBurningHelper"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "QBFCService"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - J:\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^HotSync Manager.lnk - E:\Palm\HOTSYNC.EXE - (Palm, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^World Community Grid Agent.lnk - M:\WorldCommunityGrid\UD.EXE - (United Devices, Inc.)
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
MsConfig - StartUpReg: DataLayer - hkey= - key= - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Russell Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1110494747\EE\AOLHostManager.exe (America Online, Inc.)
MsConfig - StartUpReg: MoneyAgent - hkey= - key= - E:\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
MsConfig - StartUpReg: SBAMTray - hkey= - key= - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
MsConfig - StartUpReg: SW20 - hkey= - key= - File not found
MsConfig - StartUpReg: SW24 - hkey= - key= - File not found
MsConfig - StartUpReg: SystemTray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Reg Error: Value error.
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Reg Error: Value error.
SafeBootMin: SBAMSvc - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys ()
SafeBootNet: hitmanpro35.sys - C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys ()
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Reg Error: Value error.
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Reg Error: Value error.
SafeBootNet: SBAMSvc - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0e547b80-7101-11d3-824e-0000f80697e6} - SpoofedRoute_98_Gold_3339
ActiveX: {0E8AF1C0-D275-11d2-B803-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {0E8AF1C1-D275-11d2-B803-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {0F30D99A-E88A-11D2-A0C2-00C04F8EF9B9} - IMG_SRC_3413
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {10ABA7E0-3236-11d2-B7B0-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {10ABA7E1-3236-11d2-B7B0-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {10e93000-e548-11d3-9741-00500483cae0} - Windows 98 Second Edition Q242975 Update
ActiveX: {11820ee0-b3c2-11d1-9948-00c04f98bbc9} - Media Player RealNetworks Codecs
ActiveX: {14e380f0-c285-4faf-bbd9-29efec36d1af} - Windows 98 Q323172 Update
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {18b6f603-bdc4-4eee-9598-d2a4d1375605} - MDAC
ActiveX: {1A06B5B0-A9D2-11D3-A0F7-00C04F8EF9B9} - Schannel_5.01_3361
ActiveX: {1A4D5610-6CB1-F341-D786-13B7AE006D21} - Internet Explorer
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1CDEE860-E95B-11CF-B1B0-00AA00BBAD66} - Microsoft Wallet
ActiveX: {20D949A5-2A8D-4cee-8C6A-43728AD58711} -
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {228C67C0-D718-11d2-8932-00C04FC983D7} - DirectX Media 6.0 Runtime Patch for DirectAnimation
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23064720-c4f8-11d1-994d-00c04f98bbc9} - Media Player RealNetworks Support
ActiveX: {23A5AF35-9738-9999-7705-CB1546F0CDFE} - Outlook Express
ActiveX: {2806b4d1-cadf-4568-99df-1c8836a6b4bc} - Windows 98 Q823559 Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEEC729} - Macromedia Shockwave Flash
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C30259F-BF13-49d0-B002-19EBFC785800} - Windows 98 Q323255 Update
ActiveX: {3fe8dce3-19f0-35c9-aaf2-efc830dc2105} -
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {412890AC-45FD-FF6C-EA7F-873ED838CFE7} - SpoofedRoute_98_Gold_3339
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015D} - DirectX Layer
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4618d4ef-4d59-4f93-b03c-1aac4dacf903} - RTF_Control_3385
ActiveX: {4781B631-A33F-4897-AEB8-8B6A7C1D9BC2} - q279328
ActiveX: {47f67d00-9e55-11d1-baef-00c04fc2d130} - AOL Support Files
ActiveX: {4b4a3d7a-d586-11d2-afd7-00a0c9c724d0} - "C:\Program Files\Outlook Express\runins.exe"
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {4FF49BC3-3B8B-11d3-A90D-0080C79899C0} - DX7.0a_Patch_3367
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {59bed740-046a-11d3-824e-0000f80697e6} - y2kupdate20_774
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c773859-bb96-48fa-875b-6a58aae072f4} - Windows 98 Q273991 Update
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64093F50-686C-11D2-A09E-00C04F8EF9B9} - 'Dotless IP Address' Security Update
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {70e57a99-418a-444d-b570-e4ac84b74903} - Windows 98 Q256015 Update
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {716E024F-7F74-47F3-B93B-9FF7F3CBF94C} - Q313675
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76C19B33-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Traditional) Text Display Support
ActiveX: {76C19B36-F0C8-11cf-87CC-0020AFEECF20} - Hebrew Text Support
ActiveX: {76C19B38-F0C8-11cf-87CC-0020AFEECF20} - Arabic Text Support
ActiveX: {76C19B50-F0C8-11cf-87CC-0020AFEECF20} - Language Auto-Selection
ActiveX: {76E4599C-F2A7-49CD-B06B-BDADFB5413D0} - q273868
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78BF7C8C-00B5-479D-9430-8A7EDA850C88} - ServerRedirectIE5.01_x86_3311
ActiveX: {8182cf00-75aa-11d3-824e-0000f80697e6} - Windows 98 Q168115 Update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8ad8d4e4-048b-4360-b13c-44a958405063} - Windows 98 Q249973 Update
ActiveX: {8d84e56e-fbac-4e09-af5e-6cde8294b998} -
ActiveX: {8dc99c40-26c5-11d4-a58a-00902766e933} - Windows 98 Q259728 Update
ActiveX: {8ea462d5-3332-4edb-a377-f2544dffb95f} - Windows 98 Q318307 Update
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9664fac0-26c5-11d4-a58a-00902766e933} -
ActiveX: {9a2e4ab0-9a7e-11d2-9da1-00c04f98bbc9} - Windows Media Player Codecs
ActiveX: {9a70de30-908b-4b2b-a978-423837455543} - Windows 98 Q314147 Update
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
ActiveX: {a2376760-98dd-11d2-b0d6-00c04f777f0c} - OLE Automation fix
ActiveX: {ab4d5fc0-e095-11d3-9741-00500483cae0} - Windows 98 Second Edition Q252958 Update
ActiveX: {ac1febac-747e-41e7-b002-fd2415e9f555} - Windows 98 Q249863 Update
ActiveX: {AC84C7C0-21A1-11d2-AF1D-00C04FA35D02} - Outlook Express 'File Attachment' Security Update
ActiveX: {b2bd81e0-979d-11d3-8000-0090276c5e3a} - W98_FileAccess_3306
ActiveX: {b4ca6480-3ab9-11d3-b054-00a0c922e5d5} - tshoot
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {b59c7da0-daea-11d2-83c7-0000f8051539} - RegWizCleanUp_590
ActiveX: {b6e23809-caf7-4c8f-93f8-5f40dfabaaa1} - Windows 98 Q329115 Update
ActiveX: {b7d5e460-8c8a-11d3-8e4a-0050da1d4065} - Windows 98 Second Edition Q239887 Update
ActiveX: {BEF6E001-A874-101A-8BBA-00AA00300CAB} - MFC40
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0C31EA8-106B-4c1f-AB2D-B5FEFD693511} -
ActiveX: {C6EE82B1-BF65-4e0a-912E-A7B3BBA31F51} - Windows 98 Q811630 Update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540300} - Additional Web Fonts
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA0A4247-44BE-11d1-A005-00805F8ABE06} - RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CB697765-2332-11d3-A90D-0080C79899C0} - libraries2
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {ce195cf6-3b36-4ffa-8df4-91a0f7ef577d} - Windows 98 Q840315 Update
ActiveX: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - RealPlayer by Progressive Networks
ActiveX: {D19E1023-4BE4-11d3-A90D-0080C79899C0} - w98SP1oe5_3116
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} - Agent 2.0
ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
ActiveX: {D885E5ED-AFAE-41f3-8BB7-AB4E2CF4E629} -
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E22B18AF-E333-F373-85D1-0EB96D255CD4} - Internet Explorer
ActiveX: {E5925FA0-73D1-11D2-BCC5-0000F83002C6} - Windows 98 Year 2000 Update
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F4AD3F2B-D0F4-4D88-AA7D-583B66E695EE} - q240308
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {F94C2DA4-708E-11d3-AFB2-00C04F6814C4} - OLE Automation
ActiveX: {fa3798ce-3900-4461-961a-bc2568e17603} - Windows 98 TELNET Update
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: 128PATCH - 128 Bit Encryption Update
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
ActiveX: MmoptPreferredAudioDevices - Windows Setup - Multimedia

Drivers32: midi2 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: MIDI7 - C:\WINDOWS\System32\vscapi.dll (Roland)
Drivers32: mixer1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\SYSTEM32\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: MSACM.MSNAUDIO - msnaudio.acm File not found
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vivog723 - C:\WINDOWS\System32\VIVOG723.ACM (Vivo Software)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: VIDC.DRAW - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPGL - C:\WINDOWS\System32\jpgl.dll (Tekom Technologies, Inc.)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.TR20 - C:\WINDOWS\System32\TR2032.DLL (The Duck Corporation)
Drivers32: VIDC.TSCC - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UCOD - C:\WINDOWS\System32\CLRVIDDD.DLL (Iterated Systems, Inc.)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.VDOM - C:\WINDOWS\System32\vdowave.drv (VDOnet LTD..)
Drivers32: vidc.vivo - C:\WINDOWS\System32\IVVIDEO.DLL (Vivo Software)
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vids.draw - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: WAVE6 - C:\WINDOWS\System32\vscapi.dll (Roland)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 11:12:38 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe
[2010/05/20 09:22:17 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Russell Alexander\Desktop\RootRepeal.exe
[2010/05/19 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/19 17:15:42 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/19 17:15:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/19 17:15:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/19 17:15:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/19 08:54:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/18 08:52:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/18 00:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/18 00:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/13 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/13 17:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/30 17:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/04/29 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\AzTools
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 11:12:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe
[2010/05/20 11:07:29 | 000,089,643 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Desktop\RootRepeal.dmp
[2010/05/20 11:04:08 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/20 11:03:32 | 002,042,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/20 11:02:59 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/20 11:02:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 11:02:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/20 10:57:03 | 025,165,824 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\ntuser.dat
[2010/05/20 10:57:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Russell Alexander\ntuser.ini
[2010/05/20 09:22:18 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Russell Alexander\Desktop\RootRepeal.exe
[2010/05/19 17:53:32 | 000,000,071 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/05/18 23:47:47 | 000,003,499 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/18 20:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.bad_dbl
[2010/05/18 20:21:22 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/18 19:03:32 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.bad_cap
[2010/05/18 08:52:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/16 13:47:19 | 003,666,506 | ---- | M] () -- G:\My Documents\country The guitar style of Jerry Reed - part 1.pdf
[2010/05/16 11:30:59 | 000,221,099 | ---- | M] () -- G:\My Documents\bookmarks-2010-05-16.json
[2010/05/13 23:05:12 | 000,001,462 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2010/05/13 22:25:38 | 000,302,228 | ---- | M] () -- G:\My Documents\geico documentation 5-13-10.pdf
[2010/05/12 13:57:49 | 000,394,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/07 08:16:04 | 000,003,408 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 15:57:53 | 000,921,420 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Desktop\File_and_Print_Sharing_in_Windows_7_Overview.pdf
[2010/05/03 13:27:17 | 000,254,840 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/30 22:25:07 | 002,042,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.bad_DAT
[2010/04/30 21:05:42 | 000,000,229 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:32:44 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\mswin32.drv
[2010/04/29 12:32:01 | 000,013,308 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 18:06:03 | 000,000,000 | -H-- | M] () -- G:\My Documents\Default.rdp
[2010/04/27 17:45:45 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 21:43:47 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/04/26 21:41:39 | 002,470,752 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010/04/26 21:01:33 | 000,160,704 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2010/04/26 20:59:28 | 000,911,680 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm258.sys
[2010/04/26 20:59:02 | 000,581,984 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/04/26 20:56:48 | 000,166,272 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/04/22 17:38:56 | 000,002,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/21 21:00:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100512-135749.backup
[2010/04/20 13:02:17 | 000,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 11:07:29 | 000,089,643 | ---- | C] () -- C:\Documents and Settings\Russell Alexander\Desktop\RootRepeal.dmp
[2010/05/18 22:01:24 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 22:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/18 22:01:09 | 002,042,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 01:00:12 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/16 13:47:17 | 003,666,506 | ---- | C] () -- G:\My Documents\country The guitar style of Jerry Reed - part 1.pdf
[2010/05/16 11:30:57 | 000,221,099 | ---- | C] () -- G:\My Documents\bookmarks-2010-05-16.json
[2010/05/13 22:25:38 | 000,302,228 | ---- | C] () -- G:\My Documents\geico documentation 5-13-10.pdf
[2010/05/06 15:57:53 | 000,921,420 | ---- | C] () -- C:\Documents and Settings\Russell Alexander\Desktop\File_and_Print_Sharing_in_Windows_7_Overview.pdf
[2010/04/27 18:06:03 | 000,000,000 | -H-- | C] () -- G:\My Documents\Default.rdp
[2010/04/26 21:41:39 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/03/11 13:01:39 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/29 10:23:44 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/15 22:29:04 | 000,000,383 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/10 11:21:44 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/24 21:25:18 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/24 21:25:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/20 12:29:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/20 12:29:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/20 12:28:00 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/06/30 10:48:40 | 000,000,459 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2009/04/14 00:58:14 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/01/15 09:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 09:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 09:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 09:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/16 04:50:46 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/12/14 20:58:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2008/12/14 20:58:09 | 000,237,646 | ---- | C] () -- C:\WINDOWS\System32\Snap_device.dll
[2008/12/14 20:58:08 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll
[2008/12/13 21:53:49 | 000,230,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\dmdcap.sys
[2008/12/13 21:53:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/19 01:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/04 00:29:20 | 000,002,294 | ---- | C] () -- C:\WINDOWS\U3DEDIT2.INI
[2008/09/12 20:40:30 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/06/28 16:47:22 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/06/28 16:47:01 | 000,000,650 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/26 17:00:02 | 000,001,762 | ---- | C] () -- C:\WINDOWS\System32\emuumidi.ini
[2008/05/26 17:00:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/03/28 16:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/14 13:20:10 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 00:26:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/04 23:01:31 | 000,002,777 | ---- | C] () -- C:\WINDOWS\TVC8XDrv.ini
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/22 14:57:50 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/03/06 13:39:44 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2007/02/09 18:59:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/09 18:59:32 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/08 00:07:50 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/02/04 15:17:09 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p3now.sys
[2007/01/30 12:24:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/23 14:11:42 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/01/15 19:33:18 | 000,002,307 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2006/11/03 19:49:11 | 000,000,958 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/11/03 19:16:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/06/26 00:57:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/06/17 20:04:40 | 000,000,174 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2006/05/07 18:19:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ciaUni40.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/02/18 17:33:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AudACM.ini
[2006/02/08 23:29:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
[2006/02/07 12:59:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Kingdia DVD Ripper.INI
[2006/02/07 11:28:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Arc DVD Copy.INI
[2006/02/06 22:40:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/05 19:12:47 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2006/01/01 22:32:18 | 000,000,229 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/18 11:40:27 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2005/11/14 03:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 00:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/07 00:17:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2005/11/07 00:17:21 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2005/11/07 00:17:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2005/11/01 11:09:23 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/11/01 11:09:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/11/01 11:09:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/11/01 11:09:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/11/01 11:09:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2005/10/24 02:16:11 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/09/29 15:18:34 | 000,000,072 | ---- | C] () -- C:\WINDOWS\NPRiff.INI
[2005/09/04 22:56:54 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2005/09/04 22:56:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2005/09/04 22:56:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/09 23:36:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\FCJCP.INI
[2005/06/24 10:18:40 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll
[2005/06/24 10:18:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll
[2005/05/12 03:23:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2005/04/20 02:02:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2005/04/15 10:41:12 | 000,005,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysid.sys
[2005/04/15 02:16:02 | 000,000,931 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/26 18:47:05 | 000,351,776 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5211.sys
[2005/02/26 18:47:05 | 000,351,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar52119x.sys
[2005/02/22 04:24:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/02/21 02:02:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/16 07:33:05 | 000,523,264 | ---- | C] () -- C:\WINDOWS\System32\pano12.dll
[2005/02/05 08:38:20 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\CIASecurity.dll
[2005/02/03 01:30:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2005/01/28 11:59:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\mswin32.drv
[2005/01/23 17:06:31 | 000,000,048 | ---- | C] () -- C:\WINDOWS\QFNONL.INI
[2004/12/31 13:15:06 | 000,000,351 | ---- | C] () -- C:\WINDOWS\WHOffice.INI
[2004/12/18 11:13:52 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/11/22 00:55:02 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/11/21 12:28:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL
[2004/11/21 02:42:52 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2004/11/20 16:19:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\wfxhelp21.dll
[2004/11/20 12:10:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/11/20 11:28:56 | 000,038,401 | ---- | C] () -- C:\WINDOWS\System32\RdCi1006.dll
[2004/11/20 11:09:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2004/11/20 09:45:36 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/11/20 09:40:40 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2004/11/20 09:36:01 | 000,003,611 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/20 09:35:59 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/11/20 03:10:14 | 000,172,128 | ---- | C] () -- C:\WINDOWS\HOST.INI
[2004/11/20 03:10:14 | 000,006,596 | ---- | C] () -- C:\WINDOWS\Astro.INI
[2004/11/20 03:10:14 | 000,005,737 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2004/11/20 03:10:14 | 000,002,472 | ---- | C] () -- C:\WINDOWS\INTUPROF.INI
[2004/11/20 03:10:14 | 000,002,297 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/20 03:10:14 | 000,001,604 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/11/20 03:10:14 | 000,001,401 | ---- | C] () -- C:\WINDOWS\webpos2.ini
[2004/11/20 03:10:14 | 000,001,205 | ---- | C] () -- C:\WINDOWS\HPFdjc16.ini
[2004/11/20 03:10:14 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/11/20 03:10:14 | 000,000,641 | ---- | C] () -- C:\WINDOWS\letsdraw.ini
[2004/11/20 03:10:14 | 000,000,546 | ---- | C] () -- C:\WINDOWS\epspmgr4.ini
[2004/11/20 03:10:14 | 000,000,530 | ---- | C] () -- C:\WINDOWS\Audition.ini
[2004/11/20 03:10:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/11/20 03:10:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\BELT.INI
[2004/11/20 03:10:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/11/20 03:10:14 | 000,000,217 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2004/11/20 03:10:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/11/20 03:10:14 | 000,000,124 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/11/20 03:10:14 | 000,000,108 | ---- | C] () -- C:\WINDOWS\epconfig.ini
[2004/11/20 03:10:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI
[2004/11/20 03:10:14 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2004/11/20 03:10:13 | 000,042,352 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2004/11/20 03:10:13 | 000,025,607 | ---- | C] () -- C:\WINDOWS\CSTBOX.INI
[2004/11/20 03:10:13 | 000,022,109 | ---- | C] () -- C:\WINDOWS\cool.ini
[2004/11/20 03:10:13 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/11/20 03:10:13 | 000,011,568 | ---- | C] () -- C:\WINDOWS\CDEX.INI
[2004/11/20 03:10:13 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2004/11/20 03:10:13 | 000,008,893 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/11/20 03:10:13 | 000,006,553 | ---- | C] () -- C:\WINDOWS\COUNTRY.INI
[2004/11/20 03:10:13 | 000,005,617 | R--- | C] () -- C:\WINDOWS\msosetup.ini
[2004/11/20 03:10:13 | 000,005,253 | ---- | C] () -- C:\WINDOWS\GWPRESET.INI
[2004/11/20 03:10:13 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/11/20 03:10:13 | 000,004,260 | ---- | C] () -- C:\WINDOWS\firstaid.ini
[2004/11/20 03:10:13 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/11/20 03:10:13 | 000,003,555 | ---- | C] () -- C:\WINDOWS\GWS.INI
[2004/11/20 03:10:13 | 000,003,148 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/11/20 03:10:13 | 000,002,707 | ---- | C] () -- C:\WINDOWS\WPUNIMIX.INI
[2004/11/20 03:10:13 | 000,002,481 | ---- | C] () -- C:\WINDOWS\WINCODE.INI
[2004/11/20 03:10:13 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HPFCSS16.INI
[2004/11/20 03:10:13 | 000,002,292 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2004/11/20 03:10:13 | 000,002,034 | ---- | C] () -- C:\WINDOWS\DATAFAX.INI
[2004/11/20 03:10:13 | 000,002,001 | ---- | C] () -- C:\WINDOWS\U3DEDIT.INI
[2004/11/20 03:10:13 | 000,001,944 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2004/11/20 03:10:13 | 000,001,856 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/20 03:10:13 | 000,001,778 | ---- | C] () -- C:\WINDOWS\gvox.ini
[2004/11/20 03:10:13 | 000,001,770 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2004/11/20 03:10:13 | 000,001,462 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2004/11/20 03:10:13 | 000,001,357 | ---- | C] () -- C:\WINDOWS\PLTWIN02.INI
[2004/11/20 03:10:13 | 000,001,165 | ---- | C] () -- C:\WINDOWS\GL_MMP.INI
[2004/11/20 03:10:13 | 000,001,047 | ---- | C] () -- C:\WINDOWS\pae.ini
[2004/11/20 03:10:13 | 000,001,043 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/20 03:10:13 | 000,000,940 | ---- | C] () -- C:\WINDOWS\MEDIAPAQ.INI
[2004/11/20 03:10:13 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2004/11/20 03:10:13 | 000,000,856 | ---- | C] () -- C:\WINDOWS\PRESS BLASTER.INI
[2004/11/20 03:10:13 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/11/20 03:10:13 | 000,000,767 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2004/11/20 03:10:13 | 000,000,764 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/11/20 03:10:13 | 000,000,739 | ---- | C] () -- C:\WINDOWS\Mpcwin02.ini
[2004/11/20 03:10:13 | 000,000,691 | ---- | C] () -- C:\WINDOWS\aaa erase - rdusbaud.ini
[2004/11/20 03:10:13 | 000,000,680 | ---- | C] () -- C:\WINDOWS\Tsc.ini
[2004/11/20 03:10:13 | 000,000,666 | ---- | C] () -- C:\WINDOWS\clikbook.ini
[2004/11/20 03:10:13 | 000,000,634 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2004/11/20 03:10:13 | 000,000,628 | ---- | C] () -- C:\WINDOWS\rtcwgoty.INI
[2004/11/20 03:10:13 | 000,000,612 | ---- | C] () -- C:\WINDOWS\aaa erase - Rdin0006.ini
[2004/11/20 03:10:13 | 000,000,581 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2004/11/20 03:10:13 | 000,000,549 | ---- | C] () -- C:\WINDOWS\rsagent.ini
[2004/11/20 03:10:13 | 000,000,448 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/11/20 03:10:13 | 000,000,445 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2004/11/20 03:10:13 | 000,000,436 | ---- | C] () -- C:\WINDOWS\LAPLAYER.INI
[2004/11/20 03:10:13 | 000,000,404 | ---- | C] () -- C:\WINDOWS\TSCKL.INI
[2004/11/20 03:10:13 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/11/20 03:10:13 | 000,000,382 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/11/20 03:10:13 | 000,000,364 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2004/11/20 03:10:13 | 000,000,337 | ---- | C] () -- C:\WINDOWS\MIDIPLYR.INI
[2004/11/20 03:10:13 | 000,000,336 | ---- | C] () -- C:\WINDOWS\dffont.ini
[2004/11/20 03:10:13 | 000,000,320 | ---- | C] () -- C:\WINDOWS\Fwupload.ini
[2004/11/20 03:10:13 | 000,000,319 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2004/11/20 03:10:13 | 000,000,305 | ---- | C] () -- C:\WINDOWS\Rdin0006.ini
[2004/11/20 03:10:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/20 03:10:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\JETSUITE.INI
[2004/11/20 03:10:13 | 000,000,296 | ---- | C] () -- C:\WINDOWS\moffice.ini
[2004/11/20 03:10:13 | 000,000,263 | ---- | C] () -- C:\WINDOWS\WAVEPLYR.INI
[2004/11/20 03:10:13 | 000,000,259 | ---- | C] () -- C:\WINDOWS\cbtsys.ini
[2004/11/20 03:10:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/11/20 03:10:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/11/20 03:10:13 | 000,000,243 | ---- | C] () -- C:\WINDOWS\HOMESITE.ini
[2004/11/20 03:10:13 | 000,000,240 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/11/20 03:10:13 | 000,000,237 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2004/11/20 03:10:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Ac3api.ini
[2004/11/20 03:10:13 | 000,000,217 | ---- | C] () -- C:\WINDOWS\oh4win.INI
[2004/11/20 03:10:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\CJBMF.INI
[2004/11/20 03:10:13 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pcmagcd.ini
[2004/11/20 03:10:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\rtpatch.ini
[2004/11/20 03:10:13 | 000,000,194 | ---- | C] () -- C:\WINDOWS\appr.ini
[2004/11/20 03:10:13 | 000,000,190 | ---- | C] () -- C:\WINDOWS\ctsyn.ini
[2004/11/20 03:10:13 | 000,000,187 | ---- | C] () -- C:\WINDOWS\PROFILER.INI
[2004/11/20 03:10:13 | 000,000,186 | ---- | C] () -- C:\WINDOWS\HEXpert.ini
[2004/11/20 03:10:13 | 000,000,178 | ---- | C] () -- C:\WINDOWS\TESTOUT.INI
[2004/11/20 03:10:13 | 000,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/11/20 03:10:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\VSTUDIO.INI
[2004/11/20 03:10:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\JustAudio.ini
[2004/11/20 03:10:13 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ThumbsCD.ini
[2004/11/20 03:10:13 | 000,000,143 | ---- | C] () -- C:\WINDOWS\SYSMIXER.INI
[2004/11/20 03:10:13 | 000,000,131 | ---- | C] () -- C:\WINDOWS\NETSPEED.INI
[2004/11/20 03:10:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\MRCLOCK.INI
[2004/11/20 03:10:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/11/20 03:10:13 | 000,000,123 | ---- | C] () -- C:\WINDOWS\SURFSTATS.INI
[2004/11/20 03:10:13 | 000,000,121 | ---- | C] () -- C:\WINDOWS\WILD.INI
[2004/11/20 03:10:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2004/11/20 03:10:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\MEDIARCK.INI
[2004/11/20 03:10:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\IELnkbak.ini
[2004/11/20 03:10:13 | 000,000,114 | ---- | C] () -- C:\WINDOWS\CDPLYR.INI
[2004/11/20 03:10:13 | 000,000,110 | ---- | C] () -- C:\WINDOWS\treeprt.ini
[2004/11/20 03:10:13 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2004/11/20 03:10:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\UABMAIN.INI
[2004/11/20 03:10:13 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WAVEMAN.INI
[2004/11/20 03:10:13 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ap_bat.ini
[2004/11/20 03:10:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\photos30.ini
[2004/11/20 03:10:13 | 000,000,081 | ---- | C] () -- C:\WINDOWS\JAUDIO.INI
[2004/11/20 03:10:13 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MC.INI
[2004/11/20 03:10:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2004/11/20 03:10:13 | 000,000,070 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2004/11/20 03:10:13 | 000,000,070 | ---- | C] () -- C:\WINDOWS\asym.ini
[2004/11/20 03:10:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MYNAPSTER.INI
[2004/11/20 03:10:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2004/11/20 03:10:13 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ds2000.ini
[2004/11/20 03:10:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2004/11/20 03:10:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Patch.ini
[2004/11/20 03:10:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\CTDELLAU.INI
[2004/11/20 03:10:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\URLPROXY.INI
[2004/11/20 03:10:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ZDDBVIEW.INI
[2004/11/20 03:10:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/11/20 03:10:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2004/11/20 03:10:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\JUSTAUDIO_BASE.INI
[2004/11/20 03:10:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\m2khd.ini
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TCWIN.INI
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2004/11/20 03:10:13 | 000,000,053 | ---- | C] () -- C:\WINDOWS\BYCLEAN.INI
[2004/11/20 03:10:13 | 000,000,051 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/11/20 03:10:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EXCHNG32.INI
[2004/11/20 03:10:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FILERECOVER.INI
[2004/11/20 03:10:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VIDEOWAVE.INI
[2004/11/20 03:10:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/11/20 03:10:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PROSYS.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\JRMXDLL.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\FZDUMP.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2004/11/20 03:10:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CYBERD.INI
[2004/11/20 03:10:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2004/11/20 03:10:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aebpr.ini
[2004/11/20 03:10:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/20 03:10:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LAVAPLAY.INI
[2004/11/20 03:10:13 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2004/11/20 03:10:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\NDW.INI
[2004/11/20 03:10:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\cleantray.ini
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\TB60.INI
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ms_shell.ini
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\@loha.ini
[2004/11/20 03:10:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SHAREMEM.INI
[2004/11/20 03:10:13 | 000,000,020 | ---- | C] () -- C:\WINDOWS\MP3com103best.ini
[2004/11/20 03:10:13 | 000,000,015 | ---- | C] () -- C:\WINDOWS\MTB40.INI
[2004/11/20 03:10:13 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2004/11/04 16:08:33 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2004/09/24 10:00:36 | 000,039,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/09/24 09:58:38 | 000,039,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/11 19:36:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2004/07/20 20:15:15 | 000,022,464 | ---- | C] () -- C:\WINDOWS\System32\USB2SER.SYS
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/05/05 23:32:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2004/05/05 23:32:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2004/03/08 19:15:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\r105t1.dll
[2004/02/18 18:32:39 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/02/10 19:15:36 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/10 19:54:47 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/05/25 14:57:06 | 000,000,016 | ---- | C] () -- C:\WINDOWS\MOUSEDRW.DLL
[2003/05/22 09:06:21 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/05/14 07:37:10 | 000,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2003/05/14 07:37:07 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.A534.dll
[2003/05/14 07:37:07 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/05/14 07:37:07 | 000,000,117 | ---- | C] () -- C:\WINDOWS\smp32.dll
[2003/05/14 07:37:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2003/05/14 07:37:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\WINRDP10.SYS
[2003/05/14 07:36:52 | 000,001,077 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2003/05/14 07:36:51 | 000,025,600 | ---- | C] () -- C:\WINDOWS\MEMBOOT.DLL
[2003/05/14 07:36:50 | 000,187,392 | ---- | C] () -- C:\WINDOWS\LTANN62N.DLL
[2003/05/14 07:36:50 | 000,175,616 | ---- | C] () -- C:\WINDOWS\LFFAX62N.DLL
[2003/05/14 07:36:50 | 000,158,720 | ---- | C] () -- C:\WINDOWS\LFCMP62N.DLL
[2003/05/14 07:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG62N.DLL
[2003/05/14 07:36:50 | 000,076,288 | ---- | C] () -- C:\WINDOWS\LTIMG62N.DLL
[2003/05/14 07:36:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\LFTIF62N.DLL
[2003/05/14 07:36:50 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL62N.DLL
[2003/05/14 07:36:50 | 000,029,184 | ---- | C] () -- C:\WINDOWS\LTWND62N.DLL
[2003/05/14 07:36:50 | 000,027,136 | ---- | C] () -- C:\WINDOWS\LFLMA62N.DLL
[2003/05/14 07:36:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\LFICA62N.DLL
[2003/05/14 07:36:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\LTTWN62N.DLL
[2003/05/14 07:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX62N.DLL
[2003/05/14 07:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFLMB62N.DLL
[2003/05/14 07:36:50 | 000,022,528 | ---- | C] () -- C:\WINDOWS\LFEPS62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFPCT62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFBMP62N.DLL
[2003/05/14 07:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD62N.DLL
[2003/05/14 07:36:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFWMF62N.DLL
[2003/05/14 07:36:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA62N.DLL
[2003/05/14 07:36:50 | 000,019,456 | ---- | C] () -- C:\WINDOWS\LFWPG62N.DLL
[2003/05/14 07:36:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\LFIMG62N.DLL
[2003/05/14 07:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS62N.DLL
[2003/05/14 07:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFMSP62N.DLL
[2003/05/14 07:36:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFMAC62N.DLL
[2003/05/14 07:36:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFCAL62N.DLL
[2003/05/14 07:36:50 | 000,017,408 | ---- | C] () -- C:\WINDOWS\LFWFX62N.DLL
[2003/05/14 07:36:49 | 000,058,368 | ---- | C] () -- C:\WINDOWS\ICQMAPI.DLL
[2003/05/14 07:36:49 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2003/05/14 07:36:49 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2003/05/14 07:36:44 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/05/14 07:36:43 | 000,038,400 | ---- | C] () -- C:\WINDOWS\ARSENAL.DLL
[2003/03/25 05:49:02 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/03/25 05:49:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/03/07 02:05:46 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\Crush32.dll
[2002/12/19 21:15:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2002/08/28 11:42:10 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2002/08/14 13:39:05 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Oxfwapi.dll
[2002/07/28 01:03:15 | 000,308,928 | ---- | C] () -- C:\WINDOWS\System32\ivflt08.dll
[2002/07/28 01:03:10 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ivbas08.dll
[2002/06/18 22:35:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/05/20 18:34:58 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/05/20 16:29:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[2002/05/18 14:08:12 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\FXTLS432.DLL
[2002/05/11 11:26:39 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2002/05/11 11:26:39 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFGIF61N.DLL
[2002/05/11 11:26:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA61N.DLL
[2002/05/11 11:26:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX61N.DLL
[2002/05/11 11:26:38 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2002/05/11 11:26:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG61N.DLL
[2002/05/11 11:26:38 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF61N.DLL
[2002/05/11 11:26:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX61N.DLL
[2002/05/11 11:26:38 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD61N.DLL
[2002/05/07 16:26:28 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\xfxdll.dll
[2002/05/07 16:24:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\WAVhsp32.dll
[2002/05/07 16:24:39 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp403.dll.bak
[2002/05/07 16:24:05 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2002/05/07 16:24:03 | 000,377,856 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2002/05/07 16:23:58 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\tsd2.dll
[2002/05/07 16:23:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\treeprt.dll
[2002/05/07 16:22:58 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\SETUPLIB.DLL
[2002/05/07 16:22:20 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2002/05/07 16:22:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2002/05/07 16:22:18 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\regxplor.dll
[2002/05/07 16:21:57 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[2002/05/07 16:21:52 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2002/05/07 16:21:16 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL
[2002/05/07 16:20:59 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2002/05/07 16:20:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\Nmocod.dll
[2002/05/07 16:13:14 | 001,513,984 | ---- | C] () -- C:\WINDOWS\System32\MgxRdr80.dll
[2002/05/07 16:12:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\LPNG.DLL
[2002/05/07 16:12:48 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\LSXConfig.dll
[2002/05/07 16:11:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/05/07 16:11:35 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/05/07 16:11:14 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002/05/07 16:10:13 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\ifl_gif.dll
[2002/05/07 16:09:18 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\ide32.dll
[2002/05/07 16:09:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2002/05/07 16:09:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gt4vqt.DLL
[2002/05/07 16:09:03 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2002/05/07 16:09:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2002/05/07 16:08:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\eabtstrp.dll
[2002/05/07 16:08:43 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2002/05/07 16:07:31 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\D2Icons.Dll
[2002/05/07 15:59:59 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\cfproject.dll
[2002/05/07 15:59:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2002/05/07 15:59:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\CFFPTree.dll
[2002/05/07 15:57:52 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2002/05/07 15:51:44 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2002/05/07 15:47:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/04/16 04:41:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\memtest.dll
[2002/04/11 20:53:44 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/04/11 10:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/25 10:03:26 | 001,865,572 | ---- | C] () -- C:\WINDOWS\System32\ewctl32.dll
[2002/01/06 05:08:16 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/09/17 12:20:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/09/05 05:43:14 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp403.dll
[1995/10/16 19:55:44 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/02/04 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/04/26 21:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/16 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/07/21 00:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/05/18 19:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/06/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/01/17 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/01/17 14:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/09/04 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2010/05/18 01:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/23 07:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/04 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/23 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2008/06/07 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/10/27 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2008/09/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/06/23 01:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2006/07/20 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2004/12/18 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/11/06 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/24 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2007/02/07 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/14 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/06/11 18:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/23 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/18 21:52:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}
[2009/10/23 02:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/09/09 22:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/12/31 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\1-Step RoboPDF
[2009/08/10 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\A4DeskPro
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ableton
[2007/01/30 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\acccore
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ACD Systems
[2009/12/16 19:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Acronis
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Aim
[2010/03/14 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Amazon
[2009/02/13 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AutoSync for Yahoo
[2008/10/07 22:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Blender Foundation
[2009/05/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Cakewalk
[2010/05/03 21:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Canon
[2004/12/10 02:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ContentGuard
[2005/05/12 03:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Downloaded Installations
[2007/03/30 08:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eBookPro6
[2004/12/31 13:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eHelp
[2005/10/20 01:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ethereal
[2008/09/04 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Future Systems Solutions
[2009/12/07 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Gearbox Software
[2007/03/20 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\GetRightToGo
[2009/02/17 12:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IBP
[2008/06/29 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iLike
[2009/10/30 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ImgBurn
[2007/06/22 22:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InterVideo
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iolo
[2004/12/18 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IsolatedStorage
[2005/05/12 03:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Kinko's
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Leadertech
[2010/03/23 23:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Line 6
[2009/05/06 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\LogMeIn Rescue
[2009/12/21 17:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mael
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasher
[2010/05/20 10:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasherPro
[2007/09/03 19:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mobipocket
[2009/07/22 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MPEG Streamclip
[2004/11/23 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MusicLab
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\NetMedia Providers
[2005/10/01 20:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Netscape
[2004/12/22 03:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Nokia
[2005/11/21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Opera
[2008/10/13 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OverDrive
[2010/03/23 23:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PACE Anti-Piracy
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Palo Alto Software Inc
[2007/06/28 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PaRaMeter
[2006/07/21 01:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite
[2006/07/20 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite(2)
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PCForrest
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Publish Providers
[2009/05/05 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Radmin
[2009/12/26 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RIM Palm&PPC Upgrade Wizard
[2006/07/26 07:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\River Past G4
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RiverPast G4
[2008/08/28 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sammsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ScanSoft
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SmartDraw
[2004/11/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sony
[2009/10/23 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Stamps.com Internet Postage
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Steinberg
[2009/01/30 20:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SystemRequirementsLab
[2006/06/14 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Tenebril
[2009/06/11 18:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ulead Systems
[2006/12/22 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Uniblue
[2009/02/02 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Viewpoint
[2007/03/22 14:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\webex
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WildPackets
[2008/03/26 00:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WinBatch
[2009/04/14 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Desktop Search
[2009/05/31 12:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Search
[2010/03/09 00:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Wireshark
[2010/02/03 18:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1991/09/06 15:54:46 | 000,009,708 | ---- | M] () -- C:\MQSETUP.EXE

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/02/04 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/04/26 21:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/17 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/10 22:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2004/12/05 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/09/12 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/03/16 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/04 20:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/03/21 13:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/01/30 12:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/09/09 21:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/12 18:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/09/28 23:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/07/21 00:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/05/18 19:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/06/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/11/27 11:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\comodo
[2007/01/23 14:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/01/17 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/01/17 14:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/09/12 07:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/09/04 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2009/11/08 19:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/06/28 16:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/05/18 01:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/05/21 10:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2005/05/12 03:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/07/23 07:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/06/19 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/05 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/07/04 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/23 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2008/06/23 09:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/05/21 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2008/06/07 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2005/11/01 10:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2007/10/27 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/26 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2010/04/09 18:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/03/20 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/05/12 03:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2005/10/06 00:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MixMeister Technology
[2007/06/22 23:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008/09/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/06/23 01:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2006/07/20 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2004/12/18 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2005/03/10 11:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2010/04/30 17:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/11/06 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/06/03 12:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/12/26 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/08/05 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/19 17:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/04/15 22:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/05/13 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/08/24 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2007/02/07 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/14 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/06/11 18:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/23 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/04 21:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/05/23 16:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/11/18 21:52:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}
[2009/10/23 02:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/09/09 22:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/10/21 19:07:35 | 005,121,264 | ---- | M] (Stamps.com, Inc. ) -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}\stamps.exe
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2009/05/19 01:35:46 | 002,402,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMinst.exe
[2009/05/19 01:35:48 | 000,550,024 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMLang.exe
[2009/05/19 01:36:04 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
[2009/05/19 01:35:52 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amoinst.exe
[2009/05/19 01:35:52 | 000,069,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amos.exe
[2009/05/19 01:35:58 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
[2009/05/19 01:36:04 | 000,097,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
[2009/05/19 01:35:52 | 000,231,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\migrator.exe
[2009/05/19 01:35:52 | 001,225,352 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\msvc9rt.exe
[2009/05/19 01:35:54 | 004,480,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\ocpinst.exe
[2009/05/19 01:35:44 | 000,036,704 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\postproc.exe
[2009/05/19 01:35:42 | 000,172,840 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
[2009/05/19 01:35:56 | 000,383,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\tbsetup.exe
[2009/05/19 01:36:04 | 001,484,856 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
[2009/05/19 01:35:56 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
[2009/05/19 01:36:02 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
[2009/05/19 01:36:04 | 002,884,832 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
[2009/12/15 07:14:36 | 000,095,568 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
[2009/12/15 07:33:18 | 000,120,144 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
[2009/12/16 08:07:34 | 000,136,528 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
[2007/04/18 21:57:24 | 001,272,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMinst.exe
[2007/04/18 22:01:12 | 000,481,360 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMLang.exe
[2007/04/18 21:59:02 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\alsetup.exe
[2007/04/18 21:59:16 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\aoldlmgr.exe
[2007/04/18 22:00:14 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\migrator.exe
[2007/04/18 22:00:08 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpinst.exe
[2007/04/18 21:58:58 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postproc.exe
[2007/04/18 22:00:44 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbsetup.exe
[2007/04/18 22:00:56 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\unagi3.exe
[2007/04/18 22:00:34 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\Vwpt.exe
[2007/01/30 12:24:32 | 001,178,096 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\AIMinst.exe
[2007/01/30 12:25:02 | 000,560,784 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\AIMLang.exe
[2007/01/30 12:24:38 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\alsetup.exe
[2007/01/30 12:25:08 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ampx.exe
[2007/01/30 12:24:36 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\inst.exe
[2007/01/30 12:25:06 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\instopts.exe
[2007/01/30 12:24:22 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\migrator.exe
[2007/01/30 12:24:40 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\muinst.exe
[2007/01/30 12:24:56 | 005,358,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe
[2007/01/30 12:25:06 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\postproc.exe
[2007/01/30 12:25:00 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\setup.exe
[2007/01/30 12:24:58 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\tbsetup.exe
[2007/01/30 12:24:34 | 001,082,064 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\toolbar.exe
[2007/01/30 12:25:04 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\vwpt.exe
[2009/12/15 13:38:18 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\DialReg.exe
[2005/03/24 12:36:18 | 000,007,680 | ---- | M] (America Online, Inc) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\OptClean.exe
[2005/12/02 18:12:46 | 000,009,216 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\OptScan.exe
[2005/03/10 17:48:16 | 000,167,999 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\aolEULanPack\cswitch.exe
[2005/03/10 17:48:16 | 003,298,040 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\aolEULanPack\langpack.exe
[2009/12/15 13:38:35 | 000,011,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\AOLTEMP\ygprm.exe
[2009/06/05 13:57:34 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
[2006/09/01 17:32:20 | 000,081,920 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe
[2010/05/06 16:43:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2004/12/31 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\1-Step RoboPDF
[2009/08/10 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\A4DeskPro
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ableton
[2007/01/30 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\acccore
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ACD Systems
[2009/12/16 19:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Acronis
[2010/03/17 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Adobe
[2004/11/22 14:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AdobeUM
[2004/12/05 16:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ahead
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Aim
[2010/03/14 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Amazon
[2005/03/10 11:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AOL
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Apple Computer
[2007/05/30 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Arcsoft
[2009/05/24 09:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ATI
[2009/02/13 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AutoSync for Yahoo
[2009/06/16 22:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AVS4YOU
[2008/10/07 22:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Blender Foundation
[2009/05/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Cakewalk
[2010/05/03 21:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Canon
[2004/12/10 02:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ContentGuard
[2006/12/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\DivX
[2005/05/12 03:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Downloaded Installations
[2009/12/03 01:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\dvdcss
[2007/03/30 08:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eBookPro6
[2004/12/31 13:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eHelp
[2005/10/20 01:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ethereal
[2008/09/04 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Future Systems Solutions
[2009/12/07 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Gearbox Software
[2007/03/20 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\GetRightToGo
[2009/11/08 19:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Google
[2004/11/20 12:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Help
[2009/02/17 12:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IBP
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Identities
[2009/08/24 17:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IGN_DLM
[2008/06/29 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iLike
[2009/10/30 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ImgBurn
[2007/03/02 00:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InstallShield
[2007/06/22 22:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InterVideo
[2009/06/19 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Intuit
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iolo
[2004/12/18 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IsolatedStorage
[2005/05/12 03:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Kinko's
[2004/12/17 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Lavasoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Leadertech
[2010/03/23 23:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Line 6
[2009/05/06 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\LogMeIn Rescue
[2008/12/11 19:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Macromedia
[2009/12/21 17:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mael
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasher
[2010/05/20 10:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasherPro
[2008/10/26 17:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Malwarebytes
[2007/01/23 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Media Player Classic
[2010/04/29 10:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft Web Folders
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MixMeister Technology
[2007/09/03 19:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mobipocket
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla
[2009/07/22 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MPEG Streamclip
[2004/11/23 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MusicLab
[2006/11/23 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MySpace
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\NetMedia Providers
[2005/10/01 20:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Netscape
[2004/12/22 03:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Nokia
[2010/01/14 01:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OpenOffice.org2
[2005/11/21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Opera
[2008/10/13 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OverDrive
[2010/03/23 23:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PACE Anti-Piracy
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Palo Alto Software Inc
[2007/06/28 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PaRaMeter
[2006/07/21 01:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite
[2006/07/20 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite(2)
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PCForrest
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Publish Providers
[2009/05/05 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Radmin
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Real
[2009/12/26 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RIM Palm&PPC Upgrade Wizard
[2006/07/26 07:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\River Past G4
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RiverPast G4
[2009/12/26 16:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Roxio
[2008/08/28 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sammsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ScanSoft
[2009/06/18 22:37:38 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SecuROM
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Share-to-Web Upload Folder
[2008/06/03 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Skype
[2008/06/03 12:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\skypePM
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SmartDraw
[2006/12/22 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sonic
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sonic Foundry
[2008/02/13 15:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SonicWALL
[2004/11/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sony
[2008/10/05 14:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Spybot - Search & Destroy
[2009/10/23 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Stamps.com Internet Postage
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Steinberg
[2007/10/08 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sun
[2009/04/15 22:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sunbelt
[2005/10/24 02:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Symantec
[2010/02/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Syntrillium
[2009/01/30 20:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SystemRequirementsLab
[2006/06/14 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Tenebril
[2009/06/11 18:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\TomTom
[2005/09/17 08:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Trend Micro
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ulead Systems
[2006/12/22 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Uniblue
[2009/02/02 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Viewpoint
[2007/03/22 14:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\webex
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WildPackets
[2008/09/14 11:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Winamp
[2008/03/26 00:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WinBatch
[2009/04/14 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Desktop Search
[2009/05/31 12:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Search
[2010/03/09 00:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Wireshark
[2005/03/10 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\You've Got Pictures Screensaver
[2010/02/03 18:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\YouSendIt

< %APPDATA%\*.exe /s >
[2007/01/10 19:43:54 | 000,015,872 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2010/04/16 10:02:10 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2010/02/17 23:26:37 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\ARPPRODUCTICON.exe
[2010/02/17 23:26:37 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
[2005/03/14 13:59:56 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\ARPPRODUCTICON.exe
[2005/03/14 13:59:56 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut11_36495C59089C49D1BD159E5BD86DC9A1.exe
[2005/03/14 13:59:56 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut1_36495C59089C49D1BD159E5BD86DC9A1.exe
[2010/02/17 13:45:09 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36F0FA39-2875-4EFD-977C-C405A5E4A403}\ARPPRODUCTICON.exe
[2006/04/13 19:43:48 | 000,012,288 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{3CEA3FEC-1AF5-4818-89D5-406F627E7337}\IconF5FF112D.exe
[2010/03/04 00:10:18 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\ARPPRODUCTICON.exe
[2010/03/04 00:10:18 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut11_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/04 00:10:18 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut1_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/04 00:10:18 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\Uninstall_Don_t_Pani_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/31 22:48:19 | 000,411,494 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{90CAF868-0B06-4C4A-A6E9-D0FD17C7BAE1}\controlPanelIcon.exe
[2009/06/19 23:13:55 | 000,092,854 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{91208A47-5D08-4C79-986F-1931940F51BB}\_bb32ea6.exe
[2007/03/02 00:28:28 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\ARPPRODUCTICON.exe
[2007/03/02 00:28:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
[2008/10/13 21:50:24 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\ARPPRODUCTICON.exe
[2008/10/13 21:50:24 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\NewShortcut3_D3621EAA00D6479197BF7E8EE3437BF2.exe
[2008/10/13 21:50:24 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\VPhotoResize.exe_D3621EAA00D6479197BF7E8EE3437BF2.exe
[2006/04/04 19:41:10 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{F1E906E7-1120-428D-A124-4938C306427E}\ARPPRODUCTICON.exe
[2006/04/04 19:41:10 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{F1E906E7-1120-428D-A124-4938C306427E}\PalmDesktopShortcut.exe
[2008/06/21 01:18:18 | 006,850,312 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Russell Alexander\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.756.0-static.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:05:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\autochk.exe
[2004/08/04 00:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2001/08/23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001/08/23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SYSTEM32\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 12:07:28 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 00:56:44 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 11:52:54 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\SYSTEM32\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/20 02:59:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2004/11/20 02:59:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2004/11/20 02:59:16 | 000,901,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
[2010/04/26 21:01:33 | 000,160,704 | ---- | M] (Acronis) -- C:\WINDOWS\SYSTEM32\DRIVERS\afcdp.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
[2010/03/09 21:47:26 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdguard.sys
[2010/05/18 20:21:22 | 000,015,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys
[2010/03/04 20:01:12 | 000,029,312 | ---- | M] (Line 6) -- C:\WINDOWS\SYSTEM32\DRIVERS\l6dp.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2010/04/26 20:56:48 | 000,166,272 | ---- | M] (Acronis) -- C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
[2010/04/26 20:59:28 | 000,911,680 | ---- | M] (Acronis) -- C:\WINDOWS\SYSTEM32\DRIVERS\tdrpm258.sys
[2010/04/26 20:59:02 | 000,581,984 | ---- | M] (Acronis) -- C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys

========== Files - Unicode (All) ==========
[2005/11/17 12:01:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
[2005/11/17 12:01:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
< End of report >

Extras:
OTL Extras logfile created on: 5/20/2010 11:45:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.02 Gb Total Space | 14.14 Gb Free Space | 29.44% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.02 Gb Free Space | 23.88% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.75 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.17 Gb Free Space | 56.45% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 23.42 Gb Free Space | 65.41% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.59 Gb Total Space | 31.77 Gb Free Space | 76.39% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 33.99% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.63% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.09 Gb Free Space | 19.19% Space Free | Partition Type: FAT32
Drive O: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 287.04 Gb Free Space | 61.63% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "F:\Macromedia Studio 8\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "J:\ACD USE WITH HP PHOTOSMART\ACDSEE\ACDSEE.EXE" "%1" (ACD Systems, Ltd.)
Directory [ChangeCase] -- M:\CHANGE~1\chgcase.exe "%1" (Zeal SoftStudio)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Print_Directory_Listing] -- c:\windows\Dirlist.bat %1 ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"F:\America Online 9.0\waol.exe" = F:\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1110494747\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1110494747\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"F:\bittorrent\bittorrent.exe" = F:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"F:\TurboTax\Home & Business 2006\32bit\ttax.exe" = F:\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = F:\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\ttax.exe" = F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe" = F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AnalogX\BitPump\bitpump.exe" = C:\Program Files\AnalogX\BitPump\bitpump.exe:*:Enabled:BitPump -- ()
"F:\TurboTax Business 2007\TurboTax Business 2007\32bit\ttax.exe" = F:\TurboTax Business 2007\TurboTax Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax Business 2007\TurboTax Business 2007\32bit\updatemgr.exe" = F:\TurboTax Business 2007\TurboTax Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\ttax.exe" = E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\updatemgr.exe" = E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"F:\QuickBooks 2007\QBDBMgrN.exe" = F:\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"H:\iTunes\iTunes.exe" = H:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"D:\Painkiller Overdose\Bin\Overdose.exe" = D:\Painkiller Overdose\Bin\Overdose.exe:*:Enabled:Painkiller Overdose -- (Mindware Studios)
"D:\Painkiller Overdose\Bin\OverdoseEditor.exe" = D:\Painkiller Overdose\Bin\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor -- (Mindware Studios)
"D:\Painkiller Overdose\Bin\OverdoseServer.exe" = D:\Painkiller Overdose\Bin\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server -- (Mindware Studios)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01363D36-93FB-45C9-B7F3-7C2AF5F6BC27}" = Learning QuickBooks 2007
"{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money 2003
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money 2003 System Pack
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0345F1FF-4A99-4D97-A0ED-579F03FDBB72}_is1" = Port Analyzer 1.0
"{038A4EB1-47BE-4B91-BF66-0E9B078944E5}" = uCertify M70-270: Windows XP Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A37AA80-885E-11D3-9AC4-00105A0D24F9}" = Sonicbox iM Tuner
"{0B72508E-A32C-40DD-9A26-C5E92A039595}" = AT&T Plug&Share 54Mbps Wireless PCI Adapter
"{0BA14EDE-4C45-482B-BBA2-B3159EFAD60B}" = DirectiXer 2.3
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{0E59731F-1CE5-46A4-A20D-854E6C815029}" = Calendar Upgrade
"{0E753927-F773-40D2-8504-F302A464ED9C}" = Boson Standardized Tests v5.02
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{15E00491-0DE1-4A2A-B833-1B0F81EAF53C}" = CoffeeCup Free Flash Text Wizard
"{167E4A06-F407-11D3-95F5-0080AD910D79}" = Saitek Gaming Extensions
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E70170-C334-44BB-ACCA-3DCCC65CE4C7}" = VOCALOID SKIN (Zero-G LOLA)
"{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}" = MGI VideoWave 4
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 2.0
"{243FA669-BEA1-4FD7-906F-DAF000D6B33A}" = Casper XP
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2875A5F5-E613-4F99-9B47-8882C9DD24A5}" = OfotoNow
"{28C80CD6-14DF-42E7-B460-CBF194A6439C}" = Sonic Foundry CD Architect 5.0
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D314071-26CD-47EA-A01E-82FADDE951C5}" = LiquidInstrument Standalone 1.1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{32199E94-CA76-4BA8-B0B6-76A856A5DA98}" = QBWebConnector
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{32785539-3BB4-470C-962B-997FCD0232DA}" = Multi Direct Print Type S IPP port
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{36F0FA39-2875-4EFD-977C-C405A5E4A403}" = LiquidInstrumentDXi2 1.1
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CEA3FEC-1AF5-4818-89D5-406F627E7337}" = World Community Grid Agent
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4424b048-5725-11dc-8314-0800200c9a66}" = FontLab ScanFont 5
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE
"{450A41F4-4511-4D5C-8412-6BA4DD88F65F}" = VIPRE Antivirus + Antispyware
"{49A44B9B-DF54-4BFD-BC15-55FFA6566053}" = Atomic Harvester III
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55D08777-EFAA-41AD-942A-5A2CD4B580F3}" = MixMeister Pro 4
"{55EE08EE-77A4-475E-A163-D6A673498ECF}" = VOCALOID Voice DB (Lola)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FEA7A01-D361-460D-8E7D-C1C96A5EC61B}" = sdTwoWav
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62F9F352-A7F7-4051-B2AD-6D1A3C325407}" = OmniPage Pro 11.0
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 3
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B6F3A57-99B2-418F-9F30-A480E93C0746}" = Sonic Foundry DVD Architect 1.0c
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B23535-8136-4863-965C-33A60FFA3CE7}" = EASEUS Data Recovery Wizard Professional 3.3.4
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 ESD
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799118AC-7489-40BA-A7C1-498D84D451C5}" = Weed
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Syste⑭ Utilit⑹
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F424-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier Edition 2007
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{7FB37294-8155-11D3-A809-0050BAAFB1BB}" = Business Plan Pro 4.0
"{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}" = iLike Sidebar
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0
"{831053E0-79D4-11D4-B1C4-0050BAAABBFD}" = WOW Love
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838F0053-8744-4B63-8819-CC44C06308AC}" = Visualizer Photo Resize
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B46024A-8C90-4725-AE47-6444109CF5A9}" = Don't Panic - Photo Edition
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E832933-A073-4020-9FB8-DBADC480B69B}" = Roxio Easy Media Creator 8 Deluxe Suite
"{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}" = File, Print FedEx Kinko's
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}" = Windows Vista Upgrade Advisor
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90CAF868-0B06-4C4A-A6E9-D0FD17C7BAE1}" = Casper 5.0
"{91108AD9-F983-4FDA-A089-ED269C75F21B}" = E-MU Xboard
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98B672F2-857C-4CC9-A25D-6B218077F4F6}" = Yahoo! Autosync
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System
"{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}" = VOCALOID Expression DB (Standard)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E34B40A-CFF3-11D3-8302-00A024A89C17}" = Looper
"{9E34B40B-CFF3-11D3-8302-00A024A89C17}" = FixedLength
"{9E34B40D-CFF3-11D3-8302-00A024A89C17}" = VeloMaster Lite CW
"{9E34B40F-CFF3-11D3-8302-00A024A89C17}" = SlicyDrummer Lite
"{9E34B508-CFF3-11D3-8302-00A024A89C17}" = Rhythm'n'Chords 2 Lite CW
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7EC08D3-419E-4568-B59A-82D652450D48}" = WOW
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.0.0.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEE9DFE1-7CDF-4D1C-A473-3B3DF8FF1431}_is1" = Hot CPU Tester Pro 4.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2995A04-6209-40C2-B31D-4D85852B6D8B}" = TVR Update
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A6202F-8F3E-424C-83B8-189F92A1AB43}" = One Touch Video Capture
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{CEE2C9FF-FAB4-4A36-B2CD-862C26A58E7E}" = ATI Multimedia Center
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D59967FF-4DCC-4695-BCD9-FA47B94047D6}" = Debugging Tools for Windows
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8EA8CB7-6FEE-49EB-A7FD-AD8F8CB1A924}" = Pitch Fix Trial
"{D917F618-DDB8-4653-95FF-14A9A29A4E3B}" = Zinio Reader
"{D925601D-25E3-4E95-A456-FBD8C2995289}" = E-MU Xboard
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{D9C70541-ADA5-40A4-B176-6AAFCBA05C8F}" = Airfix Dogfighter
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = VC500 Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{E0233B01-BE70-4D0B-8B69-64331593535C}" = eBook Pro Viewer 5.54
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC1F2687-6922-43E9-A6A5-73D750A8C8CE}" = MediaFACE II
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{ED386A62-2BA2-4544-A723-5DFFDC283F6A}" = Mobipocket Reader 6.0
"{EEAA3E5E-1296-45AD-A59E-5D63F604867D}" = Radmin Viewer 3.3
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F01C1DBB-E5DE-49BE-97A6-483F128AEFAF}" = VOCALOID Expression DB (Lola)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F2472B05-AC59-4363-A8D9-3E722B778633}" = Liquid Player
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.0.0.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}" = Adobe GoLive 5.0 Tryout
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"0" = YASA MPEG/AVI to VCD/DVD/SVCD/MPEG/AVI Converter v2.4 (build 0047)
"1-0" = AltaVista FreeAccess
"123 Flash Menu" = 123 Flash Menu v3.2.0.1309
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Pinball Express" = 3D Pinball Express
"3DCD" = Worlds
"3gp Player" = 3gp Player
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"a4deskpro_webunion_is1" = A4DeskPro v1.38
"AAScripter_is1" = AAScripter v2.0
"AccuBurn-R" = AccuBurn-R
"ACDSee" = ACDSee
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Active Ports" = Active Ports
"Active@ UNDELETE Professional " = Active@ UNDELETE Professional
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro (remove only)
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer 5.1
"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"After Effects 4.0" = Adobe After Effects 4.0
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"All Video to VCD SVCD DVD Converter_is1" = All Video to VCD SVCD DVD Converter 3.0
"Allok AVI to DVD SVCD VCD Converter_is1" = Allok AVI to DVD SVCD VCD Converter 1.5.8
"Alone in the Dark - The New Nightmare" = Alone in the Dark - The New Nightmare
"AnalogX BitPump" = AnalogX BitPump
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"AnyDVD" = AnyDVD
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Arc DVD Copy_is1" = Arc DVD Copy 1.1.3
"ASIO4ALL" = ASIO4ALL
"ASUS Probe V2.24.10" = ASUS Probe V2.24.10
"ATI Display Driver" = ATI Display Driver
"Audio Converter" = River Past Audio Converter
"avast5" = avast! Free Antivirus
"AVS Video Tools 5.1_is1" = AVS Video Tools 5.1
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"Axandra's Reciprocal Links Solution_is1" = ARELIS 4.4.2
"BackupXpress Pro" = BackupXpress Pro 2.72
"BATTLEFIELDV1.0" = Battles of the World
"BB_is1" = Band-in-a-Box and RealBand 2010
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"bbfinder 4.1" = bbfinder 4.1
"BBVIDPAK_is1" = Video Tutorial PAK
"BCWipe" = BCWipe 2.0
"BeatModel T1 Plug-in Pack v1.01" = BeatModel T1 Plug-in Pack v1.01
"BetZip_is1" = BetZip Version 2.0.6.91
"BHO Cop" = BHO Cop
"BHODemon_is1" = BHODemon 2.0.0.23
"Binaryfish All Mobile Mines - Pocket PC Edition" = All Mobile Mines - Pocket PC Edition 4.0.1
"BitTorrent" = BitTorrent 4.2.2
"Blender" = Blender (remove only)
"BLPMC1_1_is1" = Blues Piano MasterClass Volume 1
"Blueline_is1" = Blueline 1.1.1
"Board Games" = Board Games
"BookReader_is1" = BookReader 4.6
"Bookshop Classics" = Bookshop Classics
"Boson CCNA eBook" = Boson CCNA eBook
"Burstware - Windows Media Player Bridge" = Burstware - Windows Media Player Bridge
"CakeFX3" = Cakewalk Audio FX Pack3 v1.0
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"CANONBJ_Deinstall_CNMCP4w.DLL" = Canon i450
"CatchUp V1.3" = CatchUp V1.3
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"CDex_is1" = Cdex version 1.30
"CD-R Inspector" = CD-R Inspector
"CD-R Verifier" = CD-R Verifier
"Cdrom List Creator" = Cdrom List Creator
"Certification Genie" = Certification Genie
"CFSC Chris Free Software Cleaner" = CFSC Chris Free Software Cleaner
"Change Case v3.1" = Change Case v3.1
"CJPDRV_Deinstall 4W" = Canon i450
"CJRSTR_Deinstall" = BJ Printer Driver
"Class Ad Factory V1.0" = Class Ad Factory V1.0
"Cleaner 5 EZ" = Cleaner 5 EZ
"C-Media USB Sound" = C-Media USB Sound
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"COMODO Internet Security" = COMODO Internet Security
"CopyScat" = CopyScat
"CoyoteWT_is1" = CoyoteWT 1.0
"Creative Launcher" = Creative Launcher
"Creative LAVA" = Creative LAVA!
"CrossFont_is1" = CrossFont version 4.3
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"CutePDF Writer Installation" = CutePDF Writer 2.8
"CWAFV3" = Cakewalk Audio Finder Tool
"CyberKit" = CyberKit
"DartPro 32" = DartPro 32
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Real Audio Codec" = dBpowerAMP Real Audio Codec
"DeClicker" = Steinberg DeClicker v1.21
"DeductionPro 2005-06" = DeductionPro 2005-06
"Dell Laser MFP 1600n" = Dell Laser MFP 1600n Software Uninstall
"Desktop Server 2000" = Desktop Server 2000
"DHTML_Menu_Builder" = DHTML Menu Builder 3.0
"Digital Editions" = Adobe Digital Editions
"DirectoryPrinter" = Directory Printer
"DiskCheckup_is1" = DiskCheckup V2.1
"Download Manager" = Download Manager 2.3.9
"DrawPlus 3.0" = DrawPlus 3.0
"DreamStation DXi2" = DreamStation DXi2
"DriverAgent.exe" = DriverAgent by eSupport.com
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"DVD Ripper Platinum 4" = DVD Ripper Platinum 4
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"EACOM Game Installer" = EACOM Game Installer
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EnvelopV1.0" = Envelop
"ERUNT_is1" = ERUNT 1.1g
"Ethereal" = Ethereal 0.10.13
"EtherPeek 4.1 Demo" = WildPackets EtherPeek 4.1 Demo
"eWhiz Ad Creator V.1" = eWhiz Ad Creator V.1
"ExamForce Engine Installation CM 7.7" = ExamForce Engine Installation CM 7.7
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Faber Toys_is1" = Faber Toys
"FinePrint" = FinePrint
"FixYa" = FixYa Expert Utility
"Flaming Pear Photoshop Plug-ins" = Flaming Pear Photoshop Plug-ins
"Flash Designer 5" = Flash Designer 5 (5.0.22.6)
"Flash Renamer" = Flash Renamer
"Flash Website Design_is1" = Flash Website Design Free 1.1563(563 Templates/Unicode UTF8)
"FMJSoft Awave Audio v8.1" = FMJSoft Awave Audio v8.1
"Foxit PDF Editor" = Foxit PDF Editor
"FTP Commander" = FTP Commander
"Full Canvas Jacket Servicepack 1.2" = Full Canvas Jacket Servicepack 1.2
"Full Canvas Jacket Superpatch" = Full Canvas Jacket Superpatch
"gBurner" = gBurner
"GEARPME605" = GEAR PRO "Mastering Edition" 6.05
"GetRight" = GetRight
"Gsar-1.12_is1" = GnuWin32: Gsar version 1.12
"GSview 4.7" = GSview 4.7
"Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
"HijackThis" = HijackThis 2.0.2
"HolyGrail" = Holy Grail
"Home Improvement 1-2-3" = Home Improvement 1-2-3
"HouseCall (for Netscape)" = HouseCall (for Netscape)
"HP DeskJet 690C Series" = HP DeskJet 690C Series (Remove only)
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HTML Guard" = HTML Guard
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IIS 4 MMC Simulator" = IIS 4 MMC Simulator
"Image Convert_is1" = Image Convert 1.0
"ImgBurn" = ImgBurn
"InstallShield_{0E753927-F773-40D2-8504-F302A464ED9C}" = Boson Standardized Tests v5.02
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA System Utility
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Introduction to XML" = Introduction to XML
"inzider" = inzider
"IsoBuster_is1" = IsoBuster 1.9
"Java Web Start" = Java Web Start
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Kingdia DVD Ripper_is1" = Kingdia DVD Ripper V2.5.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"KnowledgeLINK" = KnowledgeLINK
"LAPlayerPlugins" = Liquid Player Plugins (remove only)
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"Line 6 Uninstaller" = Line 6 Uninstaller
"Linkbot 4.0" = Linkbot 4.0
"List Manager" = List Manager
"LivePerson Expert Messenger" = LivePerson Expert Messenger
"LSProSE" = LiveSynth Pro SE (DXi)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Macallan Outlook Express Extraction" = Macallan Outlook Express Extraction
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailWasher" = MailWasher
"MailWasher Pro_is1" = MailWasher Pro
"MailWasher_is1" = MailWasher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterClipsDeinstKey" = MasterClips Browser v2.03
"Mastering Edition" = Steinberg Mastering Edition v1.0
"MasterWriter 2.0" = MasterWriter 2.0
"Meta Whiz 1.0" = Meta Whiz 1.0
"MetPro001_is1" = Metronome Pro
"MFGS1_1_is1" = Master Flatpick Guitar Volume 1
"Microangelo 5.0" = Microangelo 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MJGSolo_1-4_is1" = Master Jazz Guitar Solos SuperPAK
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Plug-in" = Sonic Foundry MP3 Plug-In
"MPower" = MPower
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.22.3
"MVApplication1" = Memorex exPressit Label Design Studio
"My Drivers 3.00" = My Drivers 3.00
"MySpaceIM" = MySpaceIM
"Myst 1.3" = Myst
"Myth II" = Myth II
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape (7.1)" = Netscape (7.1)
"Netscape (7.2)" = Netscape (7.2)
"Netscape Browser" = Netscape Browser (remove only)
"Netscape Communicator 4.5" = Netscape Communicator 4.5
"Network Play System (Patching)" = Network Play System (Patching)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSPVA" = Top-10 Word Tracker
"NVIDIA Drivers" = NVIDIA Drivers
"Open Contacts_is1" = Open Contacts v4.1.10
"Orb" = Winamp Remote
"OXFW900 Upload Utility" = OXFW900 Upload Utility
"Painkiller Overdose_is1" = Painkiller Overdose build 84 (NA)
"Panorama Tools (PTGui edition)" = Panorama Tools (PTGui edition) 2.7.0.9.nh1
"PaRaMeter_is1" = PaRaMeter 1.2
"Parrot 2.0" = Prody Parrot 2.0
"PayPal to QuickBooks Link" = PayPal to QuickBooks Link
"PCFriendly" = PCFriendly
"PE Builder_is1" = PE Builder 3.1.10a
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"PG_DX_Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"Photo Organizer 1.8" = Photo Organizer
"Picasa2" = Picasa 2
"Power Retouche Pro" = Power Retouche Pro
"PowerISO" = PowerISO
"Print Server Driver" = Print Server Driver
"PrintMaster 10" = PrintMaster
"printQuick" = printQuick
"Product Quality Assurance" = Product Quality Assurance
"Pyro Drive Kit Software" = Pyro Drive Kit Software
"Pyst" = Pyst
"Quicken WillMaker 2004" = Quicken WillMaker 2004
"Radio@Netscape Plus" = Radio@Netscape Plus
"Rainbow Sentinel Driver" = Sentinel System Driver
"Reality 1.5" = Reality 1.5
"RealPlayer 6.0" = RealPlayer
"Recycle" = Recycle v1.71
"Red Baron II" = Red Baron II
"RegAlyzer_is1" = RegAlyzer 1.1
"Registrar Lite 2.00" = Registrar Lite 2.00
"Registry First Aid_is1" = Registry First Aid
"RegSupreme Pro_is1" = RegSupreme Pro 1.4
"Replay Media Catcher2.10" = Replay Media Catcher
"rgcAudio Triangle II DXi2 Synthesizer_is1" = rgcAudio Triangle II DXi2
"Rhymesaurus 1.3" = Rhymesaurus 1.3
"RiskDeinstKey" = Risk
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"ROI Forecaster V. 1" = ROI Forecaster V. 1
"Security Task Manager" = Security Task Manager 1.6f
"Selteco Flash Designer" = Selteco Flash Designer 4
"SETI@home" = SETI@home
"Shockwave" = Shockwave
"Sierra Superpatch conversion for FCJ" = Sierra Superpatch conversion for FCJ
"Sierra Utilities" = Sierra Utilities
"Slots 100" = Slots 100
"SmartForce Player" = SmartForce Player
"SnadBoy's Revelation" = SnadBoy's Revelation
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"SONAR6Producer_is1" = SONAR 6.2 Producer Edition
"Sonic Foundry ACID Pro 3.0 Crack" = Sonic Foundry ACID Pro 3.0 Crack
"Sonic Foundry XFX vol2 v1.0b" = Sonic Foundry XFX vol2 v1.0b
"Sonic Foundry XFX vol3 v1.0b" = Sonic Foundry XFX vol3 v1.0b
"Sonic Foundry XFX1 v1.0b" = Sonic Foundry XFX1 v1.0b
"Sonic Timeworks Sonar 2 Plug-ins" = Sonic Timeworks Sonar 2 Plug-ins
"Sound Blaster Live!" = Sound Blaster Live!
"SoundDiver Line6" = SoundDiver Line6
"Space Hack_is1" = Space Hack
"Space Station_is1" = Space Station
"Speed Video Converter_is1" = Speed Video Converter 3.0.4
"SpyNet" = SpyNet
"SpywareBlaster_is1" = SpywareBlaster v2.6.1
"ST6UNST #1" = Beat Calc v2.5 By FUALI
"ST6UNST #2" = Driver Detective v2.0
"ST6UNST #3" = Backup To CD-RW (Made Simple) 3.0
"ST6UNST #4" = Stream Save 6.1
"ST6UNST #5" = Iron(FE)-Works - PictureClip v2.0
"Stamps.com" = Stamps.com
"StreetPlugin" = Learn.com Player (Uninstall Only)
"Style Enhancer Micro 1.28" = Style Enhancer Micro 1.28
"Style Enhancer Micro 2.0" = Style Enhancer Micro 2.0
"Sunrise Sunset Calculator_is1" = Sunrise Sunset Calculator 1.4
"SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
"SWiSH v2.0" = SWiSH v2.0
"SWiSHmax" = SWiSHmax
"Sybex e-trainer" = Sybex e-trainer
"SystemRequirementsLab" = System Requirements Lab
"TagMaster" = TagMaster Remove
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TC Bundle" = TC Bundle v2.0
"tdp" = 3Deep
"The Sims" = The Sims
"The_Logo_Creator_v2.0" = The Logo Creator v2
"ThePlaya" = The Playa
"THOMSON mp3PRO Audio Player" = THOMSON mp3PRO Audio Player
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Toolbar optionsToolbar" = URSEARCH Toolbar. Release 2.2
"Top 20 Solid Gold" = Top 20 Solid Gold
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Top 50 Blazing Games" = Top 50 Blazing Games
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"T-RackS 24" = T-RackS 24
"Transcribe!" = Transcribe!
"TreePrint" = TreePrint
"True Internet Color" = E-Color Indicator
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Premier 2005" = TurboTax Premier 2005
"TurboTax Premier 2007" = TurboTax Premier 2007
"TVC8XDrv" = KWorld PVR 883 WDM Drivers
"Tweak UI 2.10" = Tweak UI
"Type 103" = Type 103
"UA-100 Controller" = UA-100 Controller
"UBCD4Win_is1" = UBCD4Win 3.50
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead Button.Applet 1.01" = Ulead Button.Applet 1.0
"Ulead COOL 3D 2" = Ulead COOL 3D 2
"Ulead COOL 3D 2.0" = Ulead COOL 3D 2.0 Trial
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"Ulead Type.Plugin 1.0" = Ulead Type.Plugin 1.0
"Unit Converter" = Unit Converter
"Unlocker" = Unlocker 1.8.3
"Unreal Gold" = Unreal Gold
"Updates.Com" = Updates.Com
"VAEngine 2.1" = VAEngine 2.1
"Vienna" = Vienna SoundFont Studio
"ViewpointMediaPlayer" = Viewpoint Media Player
"Viscape Universal" = Superscape Viscape Universal
"VISPRO" = Microsoft Office Visio Professional 2007
"Vivitar ViviScan Compact II-VSF300" = Vivitar ViviScan Compact II-VSF300
"Voice Editor" = Voice Editor
"VoiceAssist 2.1" = VoiceAssist 2.1
"VSC32" = Virtual Sound Canvas 3.2
"vSim" = vSim
"Warcraft II BNE" = Warcraft II BNE
"Waves Audio Processors 3.2" = Waves Audio Processors 3.2
"Waves Gold Native bundle" = Waves Gold Native bundle
"WebVideoCap" = WebVideoCap
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media On-Demand Producer" = Windows Media On-Demand Producer
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.6.2.0
"WinMX" = WinMX v3.54 beta 4 Patch level: 3.0 mod 2
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireshark" = Wireshark 1.2.6
"WM Recorder 12.0" = WM Recorder 12.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV to AVI MPEG DVD WMV Converter_is1" = WMV to AVI MPEG DVD WMV Converter 1.7.8
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Wondershare Flash Album Studio_is1" = Wondershare Flash Album Studio (1.6.5.0) Trial Version
"Wondershare Flash SlideShow Builder_is1" = Wondershare Flash SlideShow Builder (3.1.0.92) Trial Version
"Wondershare Flash SlideShow Suite Trial Version_is1" = Wondershare Flash SlideShow Suite (3.1.0.92) Trial Version
"Wondershare Pocket DVD Ripper_is1" = Wondershare Pocket DVD Ripper(Build 1.1.3.0) Trial Version
"Wondershare Pocket DVD Suite Trial Version_is1" = Pocket DVD Suite (Build 1.1.2.0)
"Wondershare Pocket Video Converter Trial Version_is1" = Pocket Video Converter (Build 1.1.2.0)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x2VCD" = Super DVD Ripper (remove only)
"XQXSetup_is1" = Xteq Systems X-Setup 6.1
"xSite" = xSite
"XviD" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Zip Backup to CD" = Zip Backup to CD
"Zip Password Recovery" = Zip Password Recovery
"Zwei-Stein_is1" = Zwei-Stein Video Compositor 3.01 (Beta 2).

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"998502f2522abe8d" = FOREXTrader
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"cca7cf78de353a76" = QImport4
"FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)
"Google Chrome" = Google Chrome
"Image Web Server IE Plugin" = Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
"MOGClient" = MOG-O-MATIC -- Listening preferences and sharing
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/11/2009 11:30:19 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:22 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:23 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:25 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 12/11/2009 1:13:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:45 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:45 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:55 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/19/2010 12:52:09 PM | Computer Name = RUSSELL | Source = ESENT | ID = 455
Description = wuaueng.dll (11984) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/19/2010 12:52:24 PM | Computer Name = RUSSELL | Source = ESENT | ID = 489
Description = wuauclt (11648) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/19/2010 12:52:24 PM | Computer Name = RUSSELL | Source = ESENT | ID = 455
Description = wuaueng.dll (11648) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/19/2010 12:52:34 PM | Computer Name = RUSSELL | Source = ESENT | ID = 489
Description = wuauclt (11648) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/19/2010 12:52:34 PM | Computer Name = RUSSELL | Source = ESENT | ID = 455
Description = wuaueng.dll (11648) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/19/2010 12:52:52 PM | Computer Name = RUSSELL | Source = ESENT | ID = 489
Description = wuauclt (11260) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/19/2010 12:52:52 PM | Computer Name = RUSSELL | Source = ESENT | ID = 455
Description = wuaueng.dll (11260) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/19/2010 12:53:02 PM | Computer Name = RUSSELL | Source = ESENT | ID = 489
Description = wuauclt (11260) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/19/2010 12:53:02 PM | Computer Name = RUSSELL | Source = ESENT | ID = 455
Description = wuaueng.dll (11260) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/20/2010 11:44:18 AM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/21/2009 12:31:44 AM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 173335
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 11/7/2009 11:17:16 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 720002
seconds with 7380 seconds of active time. This session ended with a crash.

Error - 11/30/2009 5:44:18 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1146378
seconds with 15960 seconds of active time. This session ended with a crash.

Error - 12/2/2009 10:44:08 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 190775
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 12/12/2009 1:25:06 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 93618
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 12/14/2009 11:13:43 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 208048
seconds with 4140 seconds of active time. This session ended with a crash.

Error - 12/17/2009 11:39:58 AM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 58579
seconds with 780 seconds of active time. This session ended with a crash.

Error - 12/17/2009 7:44:27 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/27/2010 8:48:23 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 444651
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 3/31/2010 4:50:01 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/19/2010 8:50:37 AM | Computer Name = RUSSELL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 5/19/2010 8:56:26 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/19/2010 8:56:26 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/19/2010 9:09:46 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdPPM aslm75 Aspi32 aswSP aswTdi cmdGuard Fips Lbd NetworkX RxFilter SCDEmu

Error - 5/19/2010 9:18:43 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/19/2010 9:18:54 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/19/2010 2:30:00 PM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/19/2010 2:30:12 PM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/20/2010 11:04:07 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/20/2010 11:04:20 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

#6
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


Please continue with the steps below.



»» Step 1 ««

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (WUSB54Gv42SVC) -- File not found
    SRV - (RoxWatch9) -- File not found
    SRV - (RoxMediaDB9) -- File not found
    SRV - (RoxLiveShare9) -- File not found
    SRV - (PnkBstrA) -- File not found
    SRV - (MSIU-f36decbb) -- File not found
    SRV - (MSIU-e9580d6b) -- File not found
    DRV - (rootrepeal) -- File not found
    O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - Reg Error: Key error. File not found
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    O32 - AutoRun File - [2002/05/07 17:24:24 | 000,000,928 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
    O32 - AutoRun File - [2004/11/19 00:25:40 | 000,000,728 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/04/15 14:23:36 | 000,000,898 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
    O32 - AutoRun File - [2000/06/21 17:17:56 | 000,001,014 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
    SafeBootMin: procexp90.Sys - Reg Error: Value error.
    SafeBootNet: procexp90.Sys - Reg Error: Value error.
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2005/11/17 12:01:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
    [2005/11/17 12:01:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.



»» Step 2 ««

Run this in Safe Mode with Networking.


Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post




»» Step 3 ««

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**





»» Step 4 ««

Post Logs
Please post back with the following information:
  • OTL Fix Log
  • Rootrepeal Log
  • ComboFix Log


#7
therealex

    Member

  • Topic Starter
  • Member
  • 112 posts
Didn't work out very well. OTL froze when I tried to run the script (tried it numerous times.) I went into Safe Mode, with the accompanying squeal, and tried RootRepeal, which continued to give the error message. Ran OTL again, and it froze at a different spot.

I ran Combofix and the log is below. I also ran another scan with OTL, since I couldn't successfully complete the script. If you want, I'll post that as well. BTW - Combofix keeps insisting Avast is enabled - it wasn't. I disabled it, and I checked to make sure that the services weren't running. I also checked the main page in the Avast interface, which confirmed it wasn't running.


ComboFix 10-05-20.05 - Russell Alexander 05/20/2010 18:44:18.6.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1993 [GMT -4:00]
Running from: c:\documents and settings\Russell Alexander\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 21:48 . 2010-05-20 21:48 -------- d-----w- C:\_OTL
2010-05-19 21:15 . 2010-05-19 21:15 503808 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-699156bc-n\msvcp71.dll
2010-05-19 21:15 . 2010-05-19 21:15 499712 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-699156bc-n\jmc.dll
2010-05-19 21:15 . 2010-05-19 21:15 348160 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-699156bc-n\msvcr71.dll
2010-05-19 21:15 . 2010-05-19 21:15 61440 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5849b917-n\decora-sse.dll
2010-05-19 21:15 . 2010-05-19 21:15 12800 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5849b917-n\decora-d3d.dll
2010-05-19 21:15 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 21:52 . 2010-05-18 21:52 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\aA555.dll
2010-05-18 12:52 . 2010-05-18 12:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 05:00 . 2010-05-19 00:21 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-18 04:59 . 2010-05-18 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-18 04:59 . 2010-05-18 04:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-13 21:24 . 2010-05-13 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-13 21:24 . 2010-05-17 22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-30 21:54 . 2010-04-30 21:54 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-29 14:45 . 2010-04-29 14:45 -------- d-----w- c:\program files\AzTools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 22:30 . 2009-05-24 13:33 16608 ----a-w- c:\windows\gdrv.sys
2010-05-20 16:59 . 2004-11-20 07:09 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\MailWasherPro
2010-05-20 12:59 . 2007-04-05 01:55 -------- d-----w- c:\program files\LogMeIn
2010-05-19 21:16 . 2007-10-09 12:12 -------- d-----w- c:\program files\Common Files\Java
2010-05-19 21:15 . 2002-05-20 22:34 -------- d-----w- c:\program files\Java
2010-05-19 14:31 . 2002-05-07 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 13:52 . 2002-12-27 15:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-19 13:50 . 2009-01-08 04:30 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-19 13:47 . 2002-05-07 18:27 -------- d-----w- c:\program files\CleanTray
2010-05-19 07:00 . 2004-03-08 23:16 -------- d-----w- c:\program files\ursearch
2010-05-19 05:19 . 2009-08-20 16:27 -------- d-----w- c:\program files\3gp Player
2010-05-18 04:17 . 2009-05-26 20:05 94208 ----a-w- c:\windows\DUMP82eb.tmp
2010-05-18 02:38 . 2009-05-26 20:05 90112 ----a-w- c:\windows\DUMP8155.tmp
2010-05-17 22:46 . 2008-06-19 17:00 -------- d-----w- c:\program files\Citrix
2010-05-17 22:38 . 2009-04-23 03:25 -------- d-----w- c:\program files\Spyware Terminator
2010-05-12 22:29 . 2002-05-07 18:47 -------- d-----w- c:\program files\Symantec
2010-05-12 22:29 . 2002-05-07 18:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-12 22:28 . 2002-05-07 18:37 -------- d-----w- c:\program files\G-VOX Guitar
2010-05-12 07:19 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-06 20:59 . 2009-04-29 22:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:57 . 2008-10-26 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 20:39 . 2009-04-29 22:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-04-29 22:49 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-04-29 22:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-04-29 22:49 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-04-29 22:49 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-04-29 22:49 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-04-29 22:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 01:46 . 2004-11-20 07:09 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\Canon
2010-04-30 21:55 . 2006-05-31 14:17 -------- d-----w- c:\program files\Roxio
2010-04-30 21:54 . 2003-01-30 15:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-30 21:32 . 2006-05-31 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-30 21:29 . 2003-02-09 20:19 -------- d-----w- c:\program files\DivX
2010-04-29 19:39 . 2008-10-26 21:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-10-26 21:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 16:32 . 2005-01-28 15:59 16 ----a-w- c:\windows\system32\mswin32.drv
2010-04-27 01:41 . 2009-12-16 12:59 2470752 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-04-27 01:29 . 2010-03-03 21:58 4178056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-27 01:01 . 2009-12-15 23:06 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-04-27 00:59 . 2009-12-15 23:06 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-04-27 00:59 . 2009-05-25 15:28 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-27 00:56 . 2009-12-15 23:06 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-27 00:56 . 2009-05-25 15:27 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-16 14:02 . 2010-04-16 14:02 388096 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-15 20:09 . 2009-10-23 06:41 36 ---ha-w- c:\windows\system32\f9t.dat
2010-04-14 16:47 . 2009-04-29 22:49 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-01 02:48 . 2010-04-01 02:48 411494 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{90CAF868-0B06-4C4A-A6E9-D0FD17C7BAE1}\controlPanelIcon.exe
2010-04-01 02:48 . 2010-04-01 02:48 -------- d-----w- c:\program files\Future Systems Solutions
2010-03-30 15:55 . 2010-03-30 15:55 -------- d-----w- c:\program files\Coyote
2010-03-27 04:21 . 2002-10-04 22:20 -------- d-----w- c:\program files\MailWasher
2010-03-24 03:19 . 2010-03-24 03:19 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\PACE Anti-Piracy
2010-03-24 03:19 . 2006-10-17 02:24 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\Line 6
2010-03-24 03:15 . 2006-10-17 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6
2010-03-24 03:13 . 2010-01-15 21:27 -------- d-----w- c:\program files\Line6
2010-03-19 21:15 . 2010-04-15 20:55 52224 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\FFExternalAlert.dll
2010-03-19 21:15 . 2010-04-15 20:55 101376 ----a-w- c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\RadioWMPCore.dll
2010-03-10 06:15 . 2004-11-20 06:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:47 . 2008-11-26 05:29 171552 ----a-w- c:\windows\system32\guard32.dll
2010-03-10 01:47 . 2008-11-26 05:29 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-03-09 22:42 . 2010-03-09 22:42 1974272 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\L6TWXG.dll
2010-03-09 22:41 . 2010-03-09 22:41 1521152 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\data\twx\L6TWX.dll
2010-03-05 00:01 . 2006-09-29 16:05 29312 ----a-w- c:\windows\system32\drivers\l6dp.sys
2010-03-04 04:10 . 2010-03-04 04:10 8854 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\Uninstall_Don_t_Pani_8B46024A8C904725AE476444109CF5A9.exe
2010-03-04 04:10 . 2010-03-04 04:10 40960 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut11_8B46024A8C904725AE476444109CF5A9.exe
2010-03-04 04:10 . 2010-03-04 04:10 40960 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut1_8B46024A8C904725AE476444109CF5A9.exe
2010-03-04 04:10 . 2010-03-04 04:10 2238 ----a-r- c:\documents and settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\ARPPRODUCTICON.exe
2010-03-03 21:16 . 2010-04-09 02:21 3862528 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nc3fyxk4.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-02-25 06:24 . 2004-11-20 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-11-20 06:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2002-05-08 03:42 . 2002-05-07 17:50 11079 ---h--w- c:\program files\folder.htt
2001-12-02 08:18 . 2002-05-07 18:26 1586 ------w- c:\program files\MSO_INST.LOG
2008-04-10 20:00 . 2007-03-22 18:57 44360 ------w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-04-10 20:00 . 2007-03-22 18:57 107928 ------w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-07-18 19:54 . 2007-04-05 01:56 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2009-11-18 18:03 . 2009-11-18 18:03 0 --sha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
2002-06-24 11:59 . 2003-05-14 11:37 1025 --sh--w- c:\windows\page files\maxmeg.sys
2004-11-05 15:27 . 2004-07-24 17:45 10022 --sh--w- c:\windows\SYSTEM\KGyGaAvL.sys
2006-05-03 09:06 . 2007-02-09 22:58 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2007-06-02 21:54 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 19:02 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-09-27 503808]
"vscvol.exe"="h:\roland\VSC32\vscvol.exe" [2000-02-09 36864]
"vsc32cnf.exe"="h:\roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"<NO NAME>"= 00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"<NO NAME>"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 20:20 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI7"=vscapi.dll
"WAVE6"=vscapi.dll
"wave1"=rddv1006.dll
"midi2"=rddv1006.dll
"mixer1"=rddv1006.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
backup=c:\windows\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 13:40 34904 ------w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-14 15:28 133104 ----atw- c:\documents and settings\Russell Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 20:03 125528 ------w- c:\program files\Common Files\AOL\1110494747\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 15:00 200767 ------w- e:\microsoft money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2005-09-01 00:27 1658592 ------w- c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-15 13:19 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-01-19 03:17 163840 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2009-03-17 17:28 955688 ----a-w- c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
2006-01-03 14:58 208896 ------w- c:\windows\SYSTEM32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
2006-01-03 14:59 69632 ------w- c:\windows\SYSTEM32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
2001-08-23 18:00 3072 ------w- c:\windows\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
"AOL TopSpeedMonitor"=3 (0x3)
"AOL ACS"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"GoToMyPC"=3 (0x3)
"C-DillaCdaC11BA"=3 (0x3)
"iPod Service"=3 (0x3)
"UleadBurningHelper"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"IntuitUpdateService"=3 (0x3)
"QBFCService"=3 (0x3)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=
"RFAgent"=m:\registryfirstaid\rfagent.exe
"SpybotSD TeaTimer"=m:\spybot - search & destroy\TeaTimer.exe
"Steam"="m:\half-life 2\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"ATIPTA"=atiptaxx.exe
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"f:\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1110494747\\EE\\AOLServiceHost.exe"=
"f:\\bittorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AnalogX\\BitPump\\bitpump.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;\SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys --> \SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys [?]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\SYSTEM32\DRIVERS\tdrpm258.sys [12/15/2009 7:06 PM 911680]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/29/2009 6:49 PM 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [11/26/2008 1:29 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [11/26/2008 1:29 AM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/29/2009 6:49 PM 19024]
R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\SYSTEM32\DRIVERS\cx88xbar.sys [7/4/2007 11:01 PM 8960]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [5/24/2009 9:37 AM 68136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/2/2007 5:58 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/26/2008 5:02 PM 304464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 2:19 PM 50704]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [12/19/2009 8:02 PM 188276]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/2/2009 12:41 AM 24652]
R3 L6DP;L6DP;c:\windows\SYSTEM32\DRIVERS\l6dp.sys [9/29/2006 12:05 PM 29312]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\SYSTEM32\DRIVERS\L6TPortB.sys [1/15/2010 5:28 PM 532992]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [10/26/2008 5:02 PM 20952]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\SYSTEM32\DRIVERS\vsc.sys [1/1/2006 10:31 PM 951284]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 PQV2i;PQV2i; [x]
S1 c2scsi;c2scsi; [x]
S2 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe --> c:\windows\system32\-f36decbb.exe [?]
S3 afcdp;afcdp;c:\windows\SYSTEM32\DRIVERS\afcdp.sys [12/15/2009 7:06 PM 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/15/2009 7:06 PM 2480048]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\SYSTEM32\DRIVERS\emuumidi.sys [3/14/2007 2:11 PM 37120]
S3 gupdate1c929d241ac157c;Google Update Service (gupdate1c929d241ac157c);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2008 1:45 AM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [5/18/2010 1:00 AM 15944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\38.tmp --> c:\windows\system32\38.tmp [?]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\SYSTEM32\DRIVERS\p35u.sys [7/28/2008 9:15 PM 116448]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 RD1006;Roland UA-100;c:\windows\SYSTEM32\DRIVERS\rdwm1006.sys [11/20/2004 11:28 AM 169086]
S3 REGMON;REGMON;\??\c:\windows\system32\drivers\REGSYS.SYS --> c:\windows\system32\drivers\REGSYS.SYS [?]
S3 s3legacy;s3legacy;c:\windows\SYSTEM32\DRIVERS\s3legacy.sys [10/22/2006 7:40 PM 65664]
S3 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [10/22/2008 5:08 PM 92464]
S3 sysid;sysid;c:\windows\SYSTEM32\DRIVERS\sysid.sys [4/15/2005 10:41 AM 5568]
S3 TomTomHOMEService;TomTomHOMEService;e:\tomtom home 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\SYSTEM32\DRIVERS\dmdcap.sys [12/13/2008 9:53 PM 230784]
S3 VGAUTI;VGAUTI;c:\windows\SYSTEM32\DRIVERS\vgauti.sys [9/24/2004 10:00 AM 39208]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 14:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4b4a3d7a-d586-11d2-afd7-00a0c9c724d0}]
2003-01-09 14:43 47024 ------w- c:\program files\Outlook Express\RUNINS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 20:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer provided by MSN
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search
IE: &search with URSEARCH Toolbar
IE: Add to Google Photos Screensa&ver
IE: Append to Existing PDF
IE: Convert link target to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with BitPump - c:\program files\AnalogX\BitPump\ieint.htm
Trusted Zone: accountonline.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: turbotax.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\xx2gr.dll
DPF: ChatSpace Java Client 2.1.0.84 - hxxp://63.102.227.45/Java/cs4ms084.cab
DPF: Dialpad Java Applet - hxxp://www.dialpad.com/applet/src/vscp.cab
DPF: Dialpad US Java Applet - hxxp://www.dialpad.com/applet/src/vscp.cab
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {8C6C6922-6258-44AC-9912-53964AC55276}
FF - ProfilePath - c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\RadioWMPCore.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Russell Alexander\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPil86.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint__.dll
FF - plugin: d:\download manager\npfpdlm.dll
FF - plugin: e:\realplayer\Netscape6\nppl3260.dll
FF - plugin: e:\realplayer\Netscape6\nprjplug.dll
FF - plugin: e:\realplayer\Netscape6\nprpjplug.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npdrmv2.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npdsplay.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\NPMetaStream3.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npmusicn.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npmusicn.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\NPOFF12.DLL
FF - plugin: f:\netscape\PROGRAM\Plugins\NPOFF12.DLL
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin2.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin3.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin4.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin5.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npwmsdrm.dll
FF - plugin: h:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\38.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a4,0b,a3,4e,39,fb,e1,6f,e1,7c,f9,09,76,5c,d0,e0,d9,0e,ec,64,a2,c4,5d,
4e,3c,3a,17,fd,d8,d5,45,ce,84,0f,56,9c,36,87,46,b0,27,5a,d4,94,1a,a2,81,1e,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\$$$\Software\SecuROM\License information*]
"datasecu"=hex:69,cb,00,49,3e,e6,8e,1f,8f,aa,e2,4e,26,91,bd,94,8c,09,ab,17,97,
3e,cc,3a,03,4e,a9,03,bf,c5,19,d2,c5,b2,5e,63,b3,a0,ea,6b,de,74,1f,6e,1a,12,\
"rkeysecu"=hex:73,4b,7f,dc,46,37,cb,05,e3,5a,b5,93,98,58,9d,72
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\rddv1006.dll

- - - - - - - > 'explorer.exe'(4744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-05-20 18:58:04
ComboFix-quarantined-files.txt 2010-05-20 22:57

Pre-Run: 14,856,466,944 bytes free
Post-Run: 14,769,597,952 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - D9BA078E1B042062CDEC66EB85B47AA5

#8
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


Please continue below.


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\-f36decbb.exe
c:\windows\system32\38.tmp
c:\windows\system32\drivers\REGSYS.SYS

Driver::
PQV2i
c2scsi
MSIU-f36decbb
MEMSWEEP2
REGMON

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post C:\Combofix.txt in your next reply.






Download OTS to your desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box labeled Scan All Users
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside
    • Reg - ActiveX StubPath
    • Reg - App Paths
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - Ext
    • Reg - File Associations
    • Reg - IE Explorer Bars
    • Reg - NetSvcs
    • Reg - Protocol Filters
    • Reg - Protocol Handlers
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Session Manager Settings
    • Reg - Winsock2 Catalogs
    • Evnt - EventViewer Logs ( Last 10 Errors )
    • File - Lop Check
    • File - Purity Scan
  • Under the Custom Scans box at the bottom left paste the following in
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    ahcix86s.sys
    KR10N.sys
    nvstor32.sys
    nvrd32.sys
    explorer.exe
    svchost.exe
    userinit.exe
    symmpi.sys
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    srsvc.dll
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Please attach the log in your next post.
(Note: the last line is < End of Report >, so make sure that is the last line in the attached report.)

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

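A triage sketch for the service/driver section of the ComboFix log and the CFScript in the post above, added here as an example; it is not part of the original posts and not ComboFix's own code. It flags entries that end in `[?]` or `[x]` instead of a date/size stamp, or whose image path is a `.tmp` file, and checks which of them the CFScript names. The function names are hypothetical, and reading the leading letter as running/stopped and the digit as the Windows service Start value is an assumption.

```python
import re
from typing import NamedTuple

# Lines copied from the ComboFix log and the CFScript shown in this thread.
LOG = r"""
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;\SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys --> \SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys [?]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/29/2009 6:49 PM 164048]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 PQV2i;PQV2i; [x]
S1 c2scsi;c2scsi; [x]
S2 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe --> c:\windows\system32\-f36decbb.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [5/18/2010 1:00 AM 15944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\38.tmp --> c:\windows\system32\38.tmp [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 REGMON;REGMON;\??\c:\windows\system32\drivers\REGSYS.SYS --> c:\windows\system32\drivers\REGSYS.SYS [?]
"""

CFSCRIPT = r"""
KillAll::

File::
c:\windows\system32\-f36decbb.exe
c:\windows\system32\38.tmp
c:\windows\system32\drivers\REGSYS.SYS

Driver::
PQV2i
c2scsi
MSIU-f36decbb
MEMSWEEP2
REGMON

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"""

# Assumption: the digit is the Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
ENTRY = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP = re.compile(r"\s*\[(?P<stamp>[^\]]*)\]\s*$")


class Entry(NamedTuple):
    name: str
    state: str   # "R" or "S" as printed in the log
    start: str
    path: str    # resolved image path (right-hand side of "-->" when present)
    stamp: str   # text inside the trailing brackets: date/size, "?" or "x"


def parse_services(log):
    """Parse 'R2 name;display;path [stamp]' lines; ignore anything else."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        s = STAMP.search(rest)
        stamp = s["stamp"] if s else ""
        path = (rest[:s.start()] if s else rest).split(" --> ")[-1].strip()
        entries.append(Entry(m["name"], m["state"], START_TYPES[m["start"]], path, stamp))
    return entries


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections, keeping the lines under each."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(log, script):
    """Return flagged service entries and whether the CFScript names each one."""
    sections = parse_cfscript(script)
    drivers = {d.lower() for d in sections.get("Driver", [])}
    files = {f.lower() for f in sections.get("File", [])}
    rows = []
    for e in parse_services(log):
        reasons = []
        if e.stamp in ("?", "x"):
            reasons.append("no file metadata")
        if e.path.lower().endswith(".tmp"):
            reasons.append("image path is a .tmp file")
        if reasons:
            in_script = e.name.lower() in drivers or e.path.lower() in files
            rows.append({"name": e.name, "start": e.start, "path": e.path,
                         "reasons": reasons, "in_script": in_script})
    return rows


if __name__ == "__main__":
    for row in triage(LOG, CFSCRIPT):
        mark = "in CFScript" if row["in_script"] else "left alone"
        print(f'{row["name"]:<15}{row["start"]:<8}{mark:<13}{"; ".join(row["reasons"])}')
```

A flag here is only a prompt to look closer: three flagged entries (SI3112r, Lbd, rcvpn) are not in the CFScript, which is where the analyst's judgement comes in.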

#9
therealex

    Member

  • Topic Starter
  • Member
  • 112 posts
CF froze the first time I ran it, so I had to re-boot and run it again. Here's the log:

ComboFix 10-05-20.05 - Russell Alexander 05/21/2010 9:19.7.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2074 [GMT -4:00]
Running from: c:\documents and settings\Russell Alexander\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Russell Alexander\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows\system32\-f36decbb.exe"
"c:\windows\system32\38.tmp"
"c:\windows\system32\drivers\REGSYS.SYS"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Legacy_MSIU-F36DECBB
-------\Legacy_PQV2I
-------\Legacy_REGMON
-------\Service_c2scsi
-------\Service_MSIU-f36decbb
-------\Service_PQV2i
-------\Service_REGMON


((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-20 21:48 . 2010-05-20 21:48 -------- d-----w- C:\_OTL
2010-05-19 21:15 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 21:52 . 2010-05-18 21:52 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\aA555.dll
2010-05-18 12:52 . 2010-05-18 12:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 05:00 . 2010-05-19 00:21 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-18 04:59 . 2010-05-18 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-18 04:59 . 2010-05-18 04:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-13 21:24 . 2010-05-13 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-13 21:24 . 2010-05-17 22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-30 21:54 . 2010-04-30 21:54 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-29 14:45 . 2010-04-29 14:45 -------- d-----w- c:\program files\AzTools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 13:35 . 2009-05-24 13:33 16608 ----a-w- c:\windows\gdrv.sys
2010-05-21 11:29 . 2007-04-05 01:55 -------- d-----w- c:\program files\LogMeIn
2010-05-21 11:25 . 2004-11-20 07:09 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\MailWasherPro
2010-05-19 21:16 . 2007-10-09 12:12 -------- d-----w- c:\program files\Common Files\Java
2010-05-19 21:15 . 2002-05-20 22:34 -------- d-----w- c:\program files\Java
2010-05-19 14:31 . 2002-05-07 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 13:52 . 2002-12-27 15:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-19 13:50 . 2009-01-08 04:30 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-19 13:47 . 2002-05-07 18:27 -------- d-----w- c:\program files\CleanTray
2010-05-19 07:00 . 2004-03-08 23:16 -------- d-----w- c:\program files\ursearch
2010-05-19 05:19 . 2009-08-20 16:27 -------- d-----w- c:\program files\3gp Player
2010-05-18 04:17 . 2009-05-26 20:05 94208 ----a-w- c:\windows\DUMP82eb.tmp
2010-05-18 02:38 . 2009-05-26 20:05 90112 ----a-w- c:\windows\DUMP8155.tmp
2010-05-17 22:46 . 2008-06-19 17:00 -------- d-----w- c:\program files\Citrix
2010-05-17 22:38 . 2009-04-23 03:25 -------- d-----w- c:\program files\Spyware Terminator
2010-05-12 22:29 . 2002-05-07 18:47 -------- d-----w- c:\program files\Symantec
2010-05-12 22:29 . 2002-05-07 18:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-12 22:28 . 2002-05-07 18:37 -------- d-----w- c:\program files\G-VOX Guitar
2010-05-12 07:19 . 2009-04-14 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-06 20:59 . 2009-04-29 22:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:57 . 2008-10-26 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 20:39 . 2009-04-29 22:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-04-29 22:49 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-04-29 22:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-04-29 22:49 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-04-29 22:49 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-04-29 22:49 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-04-29 22:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 01:46 . 2004-11-20 07:09 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\Canon
2010-04-30 21:55 . 2006-05-31 14:17 -------- d-----w- c:\program files\Roxio
2010-04-30 21:54 . 2003-01-30 15:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-30 21:32 . 2006-05-31 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-30 21:29 . 2003-02-09 20:19 -------- d-----w- c:\program files\DivX
2010-04-29 19:39 . 2008-10-26 21:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-10-26 21:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 16:32 . 2005-01-28 15:59 16 ----a-w- c:\windows\system32\mswin32.drv
2010-04-27 01:41 . 2009-12-16 12:59 2470752 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-04-27 01:29 . 2010-03-03 21:58 4178056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-27 01:01 . 2009-12-15 23:06 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-04-27 00:59 . 2009-12-15 23:06 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-04-27 00:59 . 2009-05-25 15:28 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-27 00:56 . 2009-12-15 23:06 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-27 00:56 . 2009-05-25 15:27 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-15 20:09 . 2009-10-23 06:41 36 ---ha-w- c:\windows\system32\f9t.dat
2010-04-14 16:47 . 2009-04-29 22:49 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-01 02:48 . 2010-04-01 02:48 -------- d-----w- c:\program files\Future Systems Solutions
2010-03-30 15:55 . 2010-03-30 15:55 -------- d-----w- c:\program files\Coyote
2010-03-27 04:21 . 2002-10-04 22:20 -------- d-----w- c:\program files\MailWasher
2010-03-24 03:19 . 2010-03-24 03:19 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\PACE Anti-Piracy
2010-03-24 03:19 . 2006-10-17 02:24 -------- d-----w- c:\documents and settings\Russell Alexander\Application Data\Line 6
2010-03-24 03:15 . 2006-10-17 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6
2010-03-24 03:13 . 2010-01-15 21:27 -------- d-----w- c:\program files\Line6
2010-03-10 06:15 . 2004-11-20 06:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:47 . 2008-11-26 05:29 171552 ----a-w- c:\windows\system32\guard32.dll
2010-03-10 01:47 . 2008-11-26 05:29 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-03-05 00:01 . 2006-09-29 16:05 29312 ----a-w- c:\windows\system32\drivers\l6dp.sys
2010-02-25 06:24 . 2004-11-20 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-11-20 06:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2002-05-08 03:42 . 2002-05-07 17:50 11079 ---h--w- c:\program files\folder.htt
2001-12-02 08:18 . 2002-05-07 18:26 1586 ------w- c:\program files\MSO_INST.LOG
2008-04-10 20:00 . 2007-03-22 18:57 44360 ------w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-04-10 20:00 . 2007-03-22 18:57 107928 ------w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-07-18 19:54 . 2007-04-05 01:56 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2009-11-18 18:03 . 2009-11-18 18:03 0 --sha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
2002-06-24 11:59 . 2003-05-14 11:37 1025 --sh--w- c:\windows\page files\maxmeg.sys
2004-11-05 15:27 . 2004-07-24 17:45 10022 --sh--w- c:\windows\SYSTEM\KGyGaAvL.sys
2006-05-03 09:06 . 2007-02-09 22:58 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2007-06-02 21:54 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 19:02 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-09-27 503808]
"vscvol.exe"="h:\roland\VSC32\vscvol.exe" [2000-02-09 36864]
"vsc32cnf.exe"="h:\roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"<NO NAME>"= 00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"<NO NAME>"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 20:20 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI7"=vscapi.dll
"WAVE6"=vscapi.dll
"wave1"=rddv1006.dll
"midi2"=rddv1006.dll
"mixer1"=rddv1006.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
backup=c:\windows\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 13:40 34904 ------w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-14 15:28 133104 ----atw- c:\documents and settings\Russell Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 20:03 125528 ------w- c:\program files\Common Files\AOL\1110494747\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 15:00 200767 ------w- e:\microsoft money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2005-09-01 00:27 1658592 ------w- c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-15 13:19 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-01-19 03:17 163840 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2009-03-17 17:28 955688 ----a-w- c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
2006-01-03 14:58 208896 ------w- c:\windows\SYSTEM32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
2006-01-03 14:59 69632 ------w- c:\windows\SYSTEM32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
2001-08-23 18:00 3072 ------w- c:\windows\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
"AOL TopSpeedMonitor"=3 (0x3)
"AOL ACS"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"GoToMyPC"=3 (0x3)
"C-DillaCdaC11BA"=3 (0x3)
"iPod Service"=3 (0x3)
"UleadBurningHelper"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"IntuitUpdateService"=3 (0x3)
"QBFCService"=3 (0x3)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=
"RFAgent"=m:\registryfirstaid\rfagent.exe
"SpybotSD TeaTimer"=m:\spybot - search & destroy\TeaTimer.exe
"Steam"="m:\half-life 2\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"ATIPTA"=atiptaxx.exe
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"f:\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1110494747\\EE\\AOLServiceHost.exe"=
"f:\\bittorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AnalogX\\BitPump\\bitpump.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;\SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys --> \SystemRoot\\SystemRoot\system32\DRIVERS\SI3112r.sys [?]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\SYSTEM32\DRIVERS\tdrpm258.sys [12/15/2009 7:06 PM 911680]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/29/2009 6:49 PM 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [11/26/2008 1:29 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [11/26/2008 1:29 AM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/29/2009 6:49 PM 19024]
R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\SYSTEM32\DRIVERS\cx88xbar.sys [7/4/2007 11:01 PM 8960]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [5/24/2009 9:37 AM 68136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/2/2007 5:58 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/26/2008 5:02 PM 304464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 2:19 PM 50704]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [12/19/2009 8:02 PM 188276]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/2/2009 12:41 AM 24652]
R3 L6DP;L6DP;c:\windows\SYSTEM32\DRIVERS\l6dp.sys [9/29/2006 12:05 PM 29312]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\SYSTEM32\DRIVERS\L6TPortB.sys [1/15/2010 5:28 PM 532992]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [10/26/2008 5:02 PM 20952]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\SYSTEM32\DRIVERS\vsc.sys [1/1/2006 10:31 PM 951284]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 afcdp;afcdp;c:\windows\SYSTEM32\DRIVERS\afcdp.sys [12/15/2009 7:06 PM 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/15/2009 7:06 PM 2480048]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\SYSTEM32\DRIVERS\emuumidi.sys [3/14/2007 2:11 PM 37120]
S3 gupdate1c929d241ac157c;Google Update Service (gupdate1c929d241ac157c);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2008 1:45 AM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [5/18/2010 1:00 AM 15944]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\SYSTEM32\DRIVERS\p35u.sys [7/28/2008 9:15 PM 116448]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 RD1006;Roland UA-100;c:\windows\SYSTEM32\DRIVERS\rdwm1006.sys [11/20/2004 11:28 AM 169086]
S3 s3legacy;s3legacy;c:\windows\SYSTEM32\DRIVERS\s3legacy.sys [10/22/2006 7:40 PM 65664]
S3 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [10/22/2008 5:08 PM 92464]
S3 sysid;sysid;c:\windows\SYSTEM32\DRIVERS\sysid.sys [4/15/2005 10:41 AM 5568]
S3 TomTomHOMEService;TomTomHOMEService;e:\tomtom home 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\SYSTEM32\DRIVERS\dmdcap.sys [12/13/2008 9:53 PM 230784]
S3 VGAUTI;VGAUTI;c:\windows\SYSTEM32\DRIVERS\vgauti.sys [9/24/2004 10:00 AM 39208]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 14:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4b4a3d7a-d586-11d2-afd7-00a0c9c724d0}]
2003-01-09 14:43 47024 ------w- c:\program files\Outlook Express\RUNINS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ------w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 20:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer provided by MSN
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search
IE: &search with URSEARCH Toolbar
IE: Add to Google Photos Screensa&ver
IE: Append to Existing PDF
IE: Convert link target to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with BitPump - c:\program files\AnalogX\BitPump\ieint.htm
Trusted Zone: accountonline.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: turbotax.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\xx2gr.dll
DPF: ChatSpace Java Client 2.1.0.84 - hxxp://63.102.227.45/Java/cs4ms084.cab
DPF: Dialpad Java Applet - hxxp://www.dialpad.com/applet/src/vscp.cab
DPF: Dialpad US Java Applet - hxxp://www.dialpad.com/applet/src/vscp.cab
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {8C6C6922-6258-44AC-9912-53964AC55276}
FF - ProfilePath - c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}\components\RadioWMPCore.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Russell Alexander\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPil86.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint__.dll
FF - plugin: d:\download manager\npfpdlm.dll
FF - plugin: e:\realplayer\Netscape6\nppl3260.dll
FF - plugin: e:\realplayer\Netscape6\nprjplug.dll
FF - plugin: e:\realplayer\Netscape6\nprpjplug.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npdrmv2.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npdsplay.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\NPMetaStream3.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npmusicn.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npmusicn.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\NPOFF12.DLL
FF - plugin: f:\netscape\PROGRAM\Plugins\NPOFF12.DLL
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin2.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin3.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin4.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npqtplugin5.dll
FF - plugin: f:\netscape\PROGRAM\Plugins\npwmsdrm.dll
FF - plugin: h:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 09:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a4,0b,a3,4e,39,fb,e1,6f,e1,7c,f9,09,76,5c,d0,e0,d9,0e,ec,64,a2,c4,5d,
4e,3c,3a,17,fd,d8,d5,45,ce,84,0f,56,9c,36,87,46,b0,27,5a,d4,94,1a,a2,81,1e,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\$$$\Software\SecuROM\License information*]
"datasecu"=hex:69,cb,00,49,3e,e6,8e,1f,8f,aa,e2,4e,26,91,bd,94,8c,09,ab,17,97,
3e,cc,3a,03,4e,a9,03,bf,c5,19,d2,c5,b2,5e,63,b3,a0,ea,6b,de,74,1f,6e,1a,12,\
"rkeysecu"=hex:73,4b,7f,dc,46,37,cb,05,e3,5a,b5,93,98,58,9d,72
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1364)
c:\windows\system32\rddv1006.dll

- - - - - - - > 'explorer.exe'(8484)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\smlogsvc.exe
f:\uphclean\uphclean.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-05-21 09:49:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 13:49
ComboFix2.txt 2010-05-20 22:58

Pre-Run: 14,800,276,480 bytes free
Post-Run: 14,500,573,696 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 6A9ABFD96ED722737273137B783E99BC


I've attached the OTS log, as well. It was over 800k, so I had to zip it to attach it.

Attached File  OTS.zip   98.91KB   501 downloads

Since I'm studying this, I'd really like to keep track of everything so that I can refer to it as a study aid!

- Russ

#10
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Please continue with the fix below.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> SW20 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> SW24 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
YN -> SystemTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
[Files/Folders - Created Within 90 Days]
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 90 Days]
NY -> f9t.dat -> C:\WINDOWS\System32\f9t.dat
NY -> -1 -> C:\WINDOWS\System32\-1
[File - Lop Check]
NY -> COMMON FILES -> C:\Documents and Settings\All Users\Application Data\COMMON FILES
NY -> TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP
NY -> {04573380-C04E-4C13-A8A2-EC012D38220A} -> C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\System32\?´ -> C:\WINDOWS\System32\?´
NY -> C:\WINDOWS\System32\?´ -> C:\WINDOWS\System32\?´
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]
[ClearAllRestorePoints]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.






Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run as administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.





Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Let's try a GMER scan again (with special instructions - make sure the Files box is unchecked)

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all and Files boxes are unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
#11
therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
here's the OTS log:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SW20 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SW24 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 90 Days]
C:\WINDOWS\DUMP8155.tmp deleted successfully.
C:\WINDOWS\DUMP82eb.tmp deleted successfully.
[Files/Folders - Modified Within 90 Days]
C:\WINDOWS\System32\f9t.dat moved successfully.
C:\WINDOWS\System32\-1 moved successfully.
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS\qbupdate\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS\qbupdate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT\QUICKBOOKS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\COMMON FILES\INTUIT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\COMMON FILES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE\8CB13E57\E7402B3C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE\8CB13E57\9AD73F67 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE\8CB13E57\4930E812 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE\8CB13E57\24C5D7EB folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE\8CB13E57 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}\OFFLINE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A} folder moved successfully.
[Files/Folders - Unicode - All]
File C:\WINDOWS\System32\?´ not found!
File C:\WINDOWS\System32\?´ not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: Music

User: Music.RUSSELL

User: NetworkService
->Java cache emptied: 29036 bytes
->Flash cache emptied: 5147 bytes

User: Russell Alexander
->Java cache emptied: 12123350 bytes
->Flash cache emptied: 4776 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20210960 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb

Restore point Set: OTS Restore Point (0)

Restorepoints cleared and new OTS Restore Point set!
< End of fix log >
OTS by OldTimer - Version 3.1.31.0 fix logfile created on 05222010_020452

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here's the GMER info:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 14:14:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RUSSEL~1\LOCALS~1\Temp\kwtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA74AEBDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA72A4C7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA74AE1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA74AE840]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA72A4B36]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA74AE09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA74B006A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA74B0302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA74ADC60]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA72A50EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA72A5014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA72A470C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA74AFCEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA74AE43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA74AEA1C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA72A4C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA72A464C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA74AE6CC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA72A46B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA72A4D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA72A51B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA74B0648]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA72A4CF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA74AFA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA74AEDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA74AFE9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA72A4E70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA74AE3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA74AE5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA74ADF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA74ADE32]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA3D4A6D0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA72B1AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C64 80504500 4 Bytes CALL 0AB2EC4F
.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54A72A50
.text ntkrnlpa.exe!ZwCallbackReturn + 2DA0 8050463C 4 Bytes JMP 8B3AA74A
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A72AD536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A72AEEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A72B1ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5266000, 0x1B601E, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA43B1300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3C8300, 0x1BCE, 0xE8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[3872] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9DCA740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DCA780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9DCA6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9DCA7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1364] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1364] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\WINDOWS\Explorer.EXE[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[4216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[4216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[4216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[4216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Russell Alexander\Desktop\gmer.exe[4240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Russell Alexander\Desktop\gmer.exe[4240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Russell Alexander\Desktop\gmer.exe[4240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Russell Alexander\Desktop\gmer.exe[4240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vscvol.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vscvol.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vscvol.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vscvol.exe[4248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vsc32cnf.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vsc32cnf.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vsc32cnf.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Roland\VSC32\vsc32cnf.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LMIGuardian.exe[4388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LMIGuardian.exe[4388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LMIGuardian.exe[4388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LMIGuardian.exe[4388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[4560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[4560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[4560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01C62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[4560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[4736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[4736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[4736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[4736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume12 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume12 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume12 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume13 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume13 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume13 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume14 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume14 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume14 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----


While MBAM (which I have installed as the full version) did a quick scan, AVAST! came up with
Malware blocked
Object: c:\windows\system32\Spool\prtprocs\w32x86\aA555.dll
Infection: Win32:Malware-gen
Action: Moved to chest
Process: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

So, MBAM initiated the malware? Doesn't make sense!

Anyway, thanks for the continuing help. I'm having sudden lags (like as I type this), so something is still going on. At least GMER worked this time! I'm going to try safe mode and see if the hard drive noise is still present.
  • 0
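A way to summarise the Device/AttachedDevice section of a GMER log such as the one in the post above, added here as an example and not part of the original thread. It groups the attached filter modules per device and lists any module whose vendor is outside an expected set; the function names, the `EXPECTED` set and the `example.sys` line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines 1-5 are copied from the GMER log above; line 6 is constructed for
# this example (hypothetical module name, no description).
SAMPLE_LOG = r"""
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp example.sys
"""

LINE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+"
    r"(?P<module>\S+)(?:\s+\((?P<desc>.*)/(?P<vendor>[^/]*)\))?\s*$")

def parse_gmer_devices(text):
    """Return (records, unparsed) for GMER Device/AttachedDevice lines."""
    records, unparsed = [], []
    for line in map(str.strip, text.splitlines()):
        if not line.startswith(("AttachedDevice ", "Device ")):
            continue
        m = LINE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(line)  # driver/device columns missing: keep for manual review
    return records, unparsed

def filter_stacks(records):
    """Map each device to the modules listed as attached to it, in log order."""
    stacks = defaultdict(list)
    for r in records:
        if r["kind"] == "AttachedDevice":
            stacks[r["device"]].append(r["module"])
    return dict(stacks)

def needs_review(records, expected_vendors):
    """Modules with no description or a vendor outside the expected set.
    The description is self-reported by the file, so a match is only a
    triage hint, not proof that the driver is genuine."""
    return sorted({r["module"] for r in records
                   if r["vendor"] not in expected_vendors})

# Assumption: the vendors named in this thread's log.
EXPECTED = {"Microsoft Corporation", "ALWIL Software", "COMODO", "Acronis"}
```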

#12
Mjöllnir


    Trusted Helper

  • Retired Staff
  • 1,207 posts

While MBAM (which I have installed as the full version) did a quick scan, AVAST! came up with
Malware blocked
Object: c:\windows\system32\Spool\prtprocs\w32x86\aA555.dll
Infection: Win32:Malware-gen
Action: Moved to chest
Process: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

So, MBAM initiated the malware? Doesn't make sense!

The only thing that I can think of is that when the MBAM scan "touched" the file, Avast was signaled as to the file's presence and quarantined it.


Did you get any results from the scan? If not, please run it again and post the results. Also, make sure you run MBAM's updates to make sure it has the latest signatures.



I'm having sudden lags (like as I type this), so something is still going on.

Okay.






Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SafeBootMin: procexp90.Sys - Reg Error: Value error.
    SafeBootNet: procexp90.Sys - Reg Error: Value error.
    [2005/11/17 12:01:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
    [2005/11/17 12:01:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
    
    :Commands
    [emptytemp]
    [start explorer]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.


Post the fix log.



Now run a fresh OTL scan.

Click the Quick Scan button. Do not change any other settings.



Post this OTL log.
  • 0

#13
therealex


    Member

  • Topic Starter
  • Member
  • 112 posts
OTL was unable to successfully run the fix. It froze immediately after stopping the processes. Also, MBAM came out with a clean scan. However, it did block numerous attempts to access an IP:
15:44:56 Russell Alexander IP-BLOCK 95.143.193.225

The problem with OTL freezing happened earlier, if you remember. I can try it again. Last time I had to run it three times to get it to finish the whole fix.
  • 0

#14
Mjöllnir


    Trusted Helper

  • Retired Staff
  • 1,207 posts

The problem with OTL freezing happened earlier, if you remember. I can try it again. Last time I had to run it three times to get it to finish the whole fix.

Yup, I recall the problems you are having running OTL. Go ahead and see if you can get it to run however possible. Also try Safe Mode if necessary.
  • 0

#15
therealex


    Member

  • Topic Starter
  • Member
  • 112 posts
No go. Didn't work in either regular or safe mode. I have a packet capture program running, in the hopes that maybe it will find something!

I appreciate your help on this. Can I remove whatever OTL was going to remove manually? It seems to freeze at SafeBootMin: procexp90.Sys - Reg Error: Value error. (I couldn't find ANYTHING about SafeBootMin: in the GTG forums or instructions.) The other file listed, C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´ is an odd listing, as it's not actually a name.
  • 0





