Various problems

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Various problems Help and Support, web pages, Search Companion, System Restore etc

#1 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 02 September 2010 - 12:43 PM

Since yesterday, a number of problems have affected my computer.

These include: some web pages (eg, Hotmail) are blank; System Restore won't open; the Search Companion is blank; Help and Support doesn't work; and automatic redirections that normally work aren't doing so any more.

I was pointed this way from the Windows XP operating system forum.

I have followed the Malware and Spyware Cleaning Guide instructions - with the exception of the GMER Rootkit Scanner. I tried to run it five times, but each time it crashed the computer.

Thanks in advance for any help.

Here are my logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4525

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/09/2010 00:30:41
mbam-log-2010-09-02 (00-30-41).txt

Scan type: Quick scan
Objects scanned: 142292
Time elapsed: 30 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

OTL logfile created on: 02/09/2010 19:21:15 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 116.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 6.61 Gb Free Space | 17.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (a2free) -- c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Adam\LOCALS~1\Temp\catchme.sys File not found
DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\System32\drivers\NSDriver.sys File not found
DRV - (adiusbaw) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys File not found
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\System32\Drivers\adildr.sys File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BELKIN) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (NBXG7031) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thehunger....faces?siteId=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/20 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/12 22:25:23 | 000,000,000 | ---D | M]

[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/17 20:48:30 | 000,553,311 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 127.0.0.1 17concepts.info
O1 - Hosts: 127.0.0.1 www.17concepts.info
O1 - Hosts: 127.0.0.1 www.1ghporn.info
O1 - Hosts: 127.0.0.1 1ghporn.info
O1 - Hosts: 127.0.0.1 www.1importantiamreal.com
O1 - Hosts: 127.0.0.1 1importantiamreal.com
O1 - Hosts: 127.0.0.1 www.1mybigdreamnowreal.com
O1 - Hosts: 127.0.0.1 1mybigdreamnowreal.com
O1 - Hosts: 127.0.0.1 www.1spybot.com
O1 - Hosts: 127.0.0.1 1spybot.com
O1 - Hosts: 127.0.0.1 2008firefox.com
O1 - Hosts: 127.0.0.1 www.2008firefox.com
O1 - Hosts: 127.0.0.1 2008-viewer.com
O1 - Hosts: 127.0.0.1 www.2008-viewer.com
O1 - Hosts: 127.0.0.1 www.2009antivirpro.com
O1 - Hosts: 127.0.0.1 2009antivirpro.com
O1 - Hosts: 127.0.0.1 www.2009-edition.com
O1 - Hosts: 127.0.0.1 2009-edition.com
O1 - Hosts: 127.0.0.1 www.2009-phone.com
O1 - Hosts: 127.0.0.1 2009-phone.com
O1 - Hosts: 127.0.0.1 www.2009search-destroy.com
O1 - Hosts: 127.0.0.1 2009search-destroy.com
O1 - Hosts: 127.0.0.1 2009-version.info
O1 - Hosts: 14406 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab (first direct internet banking plus digital safe)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by124w.bay124...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase3401.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1122373160281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequire...etect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.zumyn.com...geUploader4.cab (Image Uploader Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,148,084 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,064,632 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2005/06/22 14:20:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b769e77-d96d-11dd-aeb1-001cdf9df905}\Shell - "" = AutoRun
O33 - MountPoints2\{0b769e77-d96d-11dd-aeb1-001cdf9df905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b37a38c2-193e-11dd-ad0c-0060b3b2e538}\Shell\AutoRun\command - "" = iexplore.exe http://www.headlinem...WinnersBook.asp
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: 3
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 19:13:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 09:44:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/09/02 09:44:16 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/09/02 09:43:48 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/09/02 09:43:37 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/09/02 09:42:54 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/09/02 09:42:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/09/02 09:42:35 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/09/02 09:42:05 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/09/02 09:41:46 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/09/02 09:41:40 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/09/02 09:41:35 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/09/02 09:41:28 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/09/02 09:41:22 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/09/02 09:41:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/09/02 09:41:09 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/09/02 09:40:47 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/09/02 09:40:21 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/09/02 09:40:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/09/02 09:40:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/09/02 09:40:01 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/09/02 09:39:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/09/02 09:39:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/09/02 09:38:59 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/09/02 09:38:21 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/09/02 09:38:15 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/09/02 09:38:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/09/02 09:38:04 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/09/02 09:37:59 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/09/02 09:37:52 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/09/02 09:37:02 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/09/02 09:36:53 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/09/02 09:36:46 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/09/02 09:36:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/09/02 09:36:39 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/09/02 09:36:33 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/09/02 09:36:15 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/09/02 09:36:10 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/09/02 09:34:56 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/09/02 09:34:48 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/09/02 09:34:45 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/09/02 09:34:39 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/09/02 09:34:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/09/02 09:33:59 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/09/02 09:33:11 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/09/02 09:33:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/09/02 09:32:59 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/09/02 09:32:53 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/09/02 09:32:48 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/09/02 09:31:56 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/09/02 09:31:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/09/02 09:31:45 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/09/02 09:31:32 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/09/02 09:30:37 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/09/02 09:30:29 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/09/02 09:30:18 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/09/02 09:30:15 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/09/02 09:29:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/09/02 09:29:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/09/02 09:29:22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/09/02 09:28:59 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/09/02 09:28:54 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/09/02 09:28:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/09/02 09:28:44 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/09/02 09:28:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/09/02 09:28:35 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/09/02 09:28:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/09/02 09:28:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/09/02 09:28:21 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/09/02 09:28:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/09/02 09:28:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/09/02 09:28:04 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/09/02 09:28:02 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/09/02 09:27:59 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/09/02 09:27:54 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/09/02 09:27:40 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/09/02 09:27:31 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/09/02 09:27:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/09/02 09:27:16 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/09/02 09:26:58 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/09/02 09:26:53 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/09/02 09:26:10 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/09/02 09:26:05 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/09/02 09:26:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/09/02 09:25:42 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/09/02 09:24:28 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/09/02 09:24:24 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/09/02 09:24:05 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/09/02 09:24:03 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/09/02 09:23:59 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/09/02 09:22:59 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/09/02 09:22:55 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/09/02 09:22:50 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/09/02 09:22:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/09/02 09:22:13 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/09/02 09:21:55 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/09/02 09:21:51 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/09/02 09:21:45 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/09/02 09:21:44 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/09/02 09:21:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/09/02 09:21:28 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/09/02 09:21:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/09/02 09:21:12 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/09/02 09:21:08 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/09/02 09:21:03 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/09/02 09:20:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/09/02 09:20:54 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/09/02 09:20:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/09/02 09:20:34 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/09/02 09:20:31 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/09/02 09:20:24 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/09/02 09:20:20 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/09/02 09:20:14 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/09/02 09:19:06 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/09/02 09:18:17 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/09/02 09:17:42 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/09/02 09:17:40 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/09/02 09:17:35 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/09/02 09:17:32 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/09/02 09:17:31 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/09/02 09:17:25 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/09/02 09:17:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/09/02 09:17:14 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/09/02 09:17:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/09/02 09:17:06 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/09/02 09:16:58 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/09/02 09:16:54 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/09/02 09:16:03 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/09/02 09:15:51 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/09/02 09:15:06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/09/02 09:12:11 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/09/02 09:11:57 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/09/02 09:11:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/09/02 09:11:16 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/09/02 09:11:13 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/09/02 09:10:51 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/09/02 09:10:33 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/09/02 09:10:27 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/09/02 09:10:23 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/09/02 09:10:18 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/09/02 09:10:16 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/09/02 09:10:14 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/09/02 09:09:53 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/09/02 09:09:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/09/02 09:09:44 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/09/02 09:09:05 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/09/02 09:07:36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/09/02 09:07:26 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/09/02 09:07:12 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/09/02 09:07:10 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/09/02 09:07:08 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/09/02 09:07:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/09/02 09:06:59 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/09/02 09:06:57 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/09/02 09:06:56 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/09/02 09:06:53 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/09/02 09:06:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/09/02 09:06:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/09/02 09:06:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/09/02 09:05:42 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/09/02 09:05:40 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/09/02 09:05:37 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/09/02 09:05:36 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/09/02 09:05:34 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/09/02 09:05:33 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/09/02 09:05:29 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/09/02 09:05:27 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/09/02 09:05:12 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/09/02 09:05:11 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/09/02 09:04:57 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/09/02 09:04:47 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/09/02 09:04:39 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/09/02 09:04:38 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/09/02 09:04:37 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/09/02 09:04:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/09/02 09:04:35 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/09/02 09:04:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/09/02 09:04:32 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/09/02 09:04:31 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/09/02 09:04:29 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/09/02 09:04:25 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/09/02 09:04:24 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/09/02 09:03:41 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/09/02 09:03:39 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/09/02 09:03:37 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/09/02 09:03:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/09/02 09:03:35 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/09/02 09:03:35 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/09/02 09:03:34 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/09/02 09:03:33 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/09/02 09:03:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/09/02 09:03:28 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/09/02 09:03:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/09/02 09:03:26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/09/02 09:03:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/09/02 09:03:25 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/09/02 09:03:21 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/09/02 09:03:19 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/09/02 09:03:19 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/09/02 09:03:18 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/09/02 09:03:10 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/09/02 09:03:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/09/02 09:03:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/09/02 09:03:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/09/02 09:03:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/09/02 09:03:01 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/09/02 09:02:56 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/09/02 09:02:55 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/09/02 09:02:21 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/09/02 09:02:20 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/09/02 09:02:15 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/09/02 08:47:14 | 000,000,000 | ---D | C] -- C:\I386
[2010/09/02 08:44:36 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/09/02 08:44:36 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/09/02 08:44:35 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/09/02 08:44:35 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/09/02 08:44:34 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/09/02 08:44:34 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/09/02 08:44:32 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/09/02 08:44:31 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/09/02 08:44:30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/09/02 08:44:29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/09/02 08:44:28 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/09/02 08:44:27 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/09/02 08:44:27 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/09/02 00:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\gmer
[2010/09/01 23:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2010/09/01 23:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 23:36:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/01 23:36:15 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/01 23:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/01 23:32:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/08/31 23:46:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adam\Recent
[2010/08/17 19:07:39 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/19 19:19:45 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/09/02 19:13:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 19:08:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 19:08:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 19:07:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/02 19:06:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 19:06:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/02 18:50:26 | 000,028,672 | -H-- | M] () -- C:\Documents and Settings\Adam\Application Data\MBSMacOSXPlugin1635.dll
[2010/09/02 10:00:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 09:46:19 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Adam\ntuser.dat
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/02 08:58:51 | 000,003,725 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/02 08:23:01 | 064,183,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/02 00:35:28 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/01 23:36:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:36:15 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:33:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 23:32:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/09/01 22:53:13 | 000,234,482 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/09/01 20:25:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Adam\ntuser.ini
[2010/08/31 20:45:39 | 000,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/31 20:45:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/31 20:45:39 | 000,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/28 23:09:26 | 058,047,024 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/08/17 20:48:30 | 000,553,311 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/08/17 19:07:39 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/08/09 22:16:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/09 22:16:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 19:19:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/19 19:19:45 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/19 19:18:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/02 12:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/28 23:32:48 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/06/28 23:19:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/28 21:31:20 | 000,525,680 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:31:20 | 000,457,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/28 21:31:20 | 000,078,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/28 20:43:59 | 000,039,352 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/15 13:57:31 | 000,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/05 16:40:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2010/09/02 18:50:26 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Adam\Application Data\MBSMacOSXPlugin1635.dll
[2010/09/02 09:44:15 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/09/02 09:44:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/09/02 09:25:52 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/09/02 09:25:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/09/02 09:19:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/09/02 09:12:08 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/09/02 09:12:01 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/09/02 09:11:54 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/09/02 09:11:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/09/02 09:11:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/09/02 09:07:06 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/09/02 09:07:04 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/09/02 09:07:03 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/09/02 09:02:43 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/09/02 09:02:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/09/02 09:02:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/09/02 09:02:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/09/02 09:02:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/09/02 09:02:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/09/02 09:02:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/09/02 09:02:27 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/09/02 00:35:28 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/01 23:36:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:33:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 22:53:13 | 000,234,482 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/08/28 23:02:32 | 058,047,024 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/07/29 09:05:27 | 000,667,718 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Image013.jpg
[2010/06/28 23:25:53 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/01/10 18:09:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/01/10 18:09:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/01/10 18:09:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/01/10 18:09:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/07/20 19:06:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/04/20 14:44:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/20 14:44:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/20 14:44:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/04/20 14:44:53 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/20 14:44:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/18 22:39:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/23 00:03:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2006/04/06 12:23:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/06 12:23:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/12/14 11:21:11 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2005/12/14 11:21:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2005/10/15 20:24:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\fusioncache.dat
[2005/08/25 14:52:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/08/09 23:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 23:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/29 11:56:05 | 000,000,968 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/07/11 23:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/07/01 12:22:49 | 000,000,814 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/29 14:51:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/28 13:39:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2005/06/28 12:06:49 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 12:40:27 | 000,008,988 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/22 23:41:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/06/22 23:28:17 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/22 19:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 15:05:57 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004387_.tmp.dll
[2004/08/12 14:59:04 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004419_.tmp.dll
[2004/03/23 01:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2006/04/23 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.ABC
[2010/01/11 15:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\AnvSoft
[2010/01/11 16:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Azureus
[2009/08/30 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2005/11/14 23:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Cakewalk
[2010/08/08 00:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Canon
[2007/05/10 19:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DataLayer
[2008/08/17 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Grisoft
[2007/05/03 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\iScreensaver
[2007/09/02 13:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Leadertech
[2009/11/02 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\LimeWire
[2009/08/27 21:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Nokia
[2009/08/27 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\PC Suite
[2006/03/09 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Template
[2010/03/22 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Trusteer
[2010/05/29 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Uniblue
[2005/06/28 10:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\WholeSecurity
[2007/02/03 20:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/02/16 23:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/14 23:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/01/18 21:16:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 00:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/02/06 17:49:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/02/11 00:42:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2009/01/18 21:25:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/08/08 00:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/06/09 13:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/01/18 21:26:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2008/05/03 12:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/08/17 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/25 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/08/25 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/08/27 21:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/08/25 23:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/17 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/22 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/10/29 12:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/08/23 14:59:27 | 000,148,084 | ---- | M] () -- C:\AUTO.pat
[2005/08/23 14:59:27 | 000,064,632 | ---- | M] () -- C:\AUTO.pst
[2005/06/22 14:20:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/10 18:22:06 | 000,020,075 | ---- | M] () -- C:\avi_log.txt
[2010/08/31 20:45:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2005/06/22 14:20:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/18 21:28:22 | 000,000,180 | ---- | M] () -- C:\dlbt.log
[2007/12/29 23:07:29 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2005/06/22 14:20:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/22 14:20:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/19 19:04:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/02 19:06:31 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/09/01 18:54:07 | 000,011,315 | ---- | M] () -- C:\resetlog.txt
[2009/07/20 19:06:30 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
[2006/11/20 23:15:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/11/21 00:08:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/11/21 22:08:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2006/11/21 22:20:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2006/12/20 21:28:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/11/19 20:04:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/12/23 22:35:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/01/17 21:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2006/11/20 23:15:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/11/21 00:08:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/11/21 22:08:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2006/11/21 22:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2006/12/20 21:28:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/11/19 20:04:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/12/23 22:35:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/01/17 21:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/06/22 14:20:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/21 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9C.DLL
[2008/04/21 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9C.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/07/29 12:01:24 | 003,446,944 | ---- | M] () -- C:\WINDOWS\dolphin adoption.SCR
[2005/07/29 12:24:20 | 003,703,151 | ---- | M] () -- C:\WINDOWS\Panda adoption.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/02/21 14:11:02 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/06/22 15:06:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/22 15:06:48 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/22 15:06:48 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/19 19:18:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/06/22 14:45:20 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/06/22 14:45:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/01 23:32:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:36:15 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/02 19:13:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2005/06/22 15:27:29 | 006,841,800 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Adam\My Documents\R86360.EXE

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/06/22 14:45:19 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Adam\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/02/13 14:20:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\ntuser.tmp.LOG

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/06 21:30:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Adam\Cookies\desktop.ini
[2010/09/02 19:17:44 | 000,131,072 | -HS- | M] () -- C:\Documents and Settings\Adam\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %USERPROFILE%\Templates\*.* >
[2004/08/12 14:55:47 | 000,004,570 | ---- | M] () -- C:\Documents and Settings\Adam\Templates\amipro.sam

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B088B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 02/09/2010 19:21:16 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 116.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 6.61 Gb Free Space | 17.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\GoogleEarth.exe" = C:\Program Files\Google\Google Earth\GoogleEarth.exe:*:Enabled:Google Earth -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.9.23 -- File not found
"C:\Program Files\iMesh\iMesh5\iMesh.exe" = C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5 -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\p2pnetworks\p2pnetworks.exe" = C:\Program Files\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1161558345\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1161558345\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1161558345\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1161558345\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\1166647312\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1166647312\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1166647312\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1166647312\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"D:\Release\Tiscali.exe" = D:\Release\Tiscali.exe:*:Enabled:Tiscali Wireless Gateway Installation -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}" = Nokia Ovi Suite
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{644B1460-3FC0-48BB-A717-B54D67EA21BB}" = IEEE 802.11g Wireless LAN Utility
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDsc2
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}" = Nokia Photos
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.0.1
"a-squared Free_is1" = a-squared Free 2.0
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Azureus" = Azureus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Cakewalk Media Mixer" = Cakewalk Media Mixer
"Canon MP630 series User Registration" = Canon MP630 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"CD Wave_is1" = CD Wave Editor version 1.94.4
"Chuzzle Deluxe_is1" = Chuzzle Deluxe
"DelinvFile_is1" = DelinvFile - 2.02
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ExtractNow_is1" = ExtractNow
"EZ Tape Converter by MixMeister_is1" = EZ Tape Converter by MixMeister 1.0.5
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nokia PC Suite" = Nokia PC Suite
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Smart Data Recovery_is1" = Smart Data Recovery 3.3
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Tweak UI 2.10" = Tweak UI
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16/11/2006 07:31:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 16/11/2006 07:31:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 16/11/2006 07:31:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 18/11/2006 16:03:32 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 18/11/2006 16:04:20 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 24/11/2006 16:23:44 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 24/11/2006 16:23:44 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 24/11/2006 16:23:44 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 24/11/2006 18:22:25 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

Error - 24/11/2006 18:22:25 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description =

[ System Events ]
Error - 02/09/2010 04:47:30 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 02/09/2010 04:47:33 | Computer Name = LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 02/09/2010 05:07:27 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 02/09/2010 05:07:29 | Computer Name = LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 02/09/2010 12:51:52 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 02/09/2010 12:51:56 | Computer Name = LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 02/09/2010 13:20:27 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 02/09/2010 13:20:29 | Computer Name = LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 02/09/2010 14:06:51 | Computer Name = LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 02/09/2010 14:06:52 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

< End of report >

#2 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 06 September 2010 - 10:53 AM

Hi

Welcome to Geekstogo. I'll be helping you with this problem.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 06 September 2010 - 12:02 PM

Hi - and thanks for this. (Please don't apologise for the time it has taken to reply - I see what you guys do here and it is fantastic.)

Here's my ComboFix log.

ComboFix 10-09-06.01 - Adam 06/09/2010 18:38:21.1.2 - x86
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\acrsec.fon
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004379_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004388_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004399_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004402_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004406_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004413_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004419_.tmp.dll
c:\windows\system32\_004420_.tmp.dll
c:\windows\system32\_004421_.tmp.dll
c:\windows\system32\_004422_.tmp.dll
c:\windows\system32\_004425_.tmp.dll
c:\windows\system32\_004426_.tmp.dll
c:\windows\system32\_004427_.tmp.dll
c:\windows\system32\_004428_.tmp.dll
c:\windows\system32\_004429_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004437_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-02 08:44 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-02 08:44 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-02 08:44 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-02 08:44 . 2001-08-17 21:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-02 08:43 . 2001-08-17 21:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-02 08:43 . 2001-08-17 21:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-09-02 08:43 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-09-02 08:43 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-09-02 08:43 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-09-02 08:43 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-09-02 08:42 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-09-02 08:42 . 2004-08-03 21:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-09-02 08:42 . 2001-08-17 11:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-09-02 08:42 . 2001-08-17 12:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-09-02 08:42 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-09-02 08:42 . 2001-08-17 12:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-09-02 08:42 . 2004-08-03 21:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-09-02 08:42 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-09-02 08:42 . 2001-08-17 11:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-09-02 08:42 . 2004-08-03 21:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-09-02 08:42 . 2004-08-03 21:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-09-02 08:40 . 2001-08-17 12:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-09-02 08:40 . 2001-08-17 12:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-09-02 08:40 . 2001-08-17 12:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2010-09-02 08:40 . 2001-08-17 12:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-09-02 08:40 . 2001-08-17 12:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-09-02 08:40 . 2001-08-17 12:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-09-02 08:40 . 2001-08-17 12:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-09-02 08:40 . 2001-08-17 12:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-09-02 08:40 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2010-09-02 08:40 . 2004-08-03 21:31 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2010-09-02 08:39 . 2001-08-17 21:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-09-02 08:39 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-09-02 08:39 . 2001-08-17 21:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-09-02 08:39 . 2001-08-17 21:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-09-02 08:39 . 2001-08-17 21:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-09-02 08:39 . 2001-08-17 12:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-09-02 08:39 . 2001-08-17 21:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-09-02 08:39 . 2001-08-17 21:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-09-02 08:39 . 2001-08-17 21:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-09-02 08:38 . 2001-08-17 21:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-09-02 08:38 . 2001-08-17 12:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2010-09-02 08:38 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-09-02 08:38 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-09-02 08:38 . 2001-08-17 21:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-09-02 08:38 . 2001-08-17 11:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-09-02 08:38 . 2001-08-17 13:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-09-02 08:37 . 2001-08-17 11:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-09-02 08:37 . 2001-08-17 13:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-09-02 08:37 . 2001-08-17 11:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-09-02 08:37 . 2001-08-17 21:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-09-02 08:37 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-09-02 08:37 . 2001-08-17 21:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-09-02 08:37 . 2001-08-17 12:51 4992 ----a-w- c:\windows\system32\dllcache\toside.sys
2010-09-02 08:37 . 2001-08-17 13:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-09-02 08:37 . 2001-08-17 13:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-09-02 08:37 . 2001-08-17 11:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-09-02 08:37 . 2001-08-17 11:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-09-02 08:36 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-09-02 08:36 . 2001-08-17 13:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-09-02 08:36 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-09-02 08:36 . 2001-08-17 11:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-09-02 08:36 . 2001-08-17 11:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-09-02 08:36 . 2001-08-17 12:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-09-02 08:36 . 2001-08-17 12:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-09-02 08:36 . 2001-08-17 11:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-09-02 08:36 . 2001-08-17 13:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-09-02 08:36 . 2001-08-17 13:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-09-02 08:35 . 2001-08-17 13:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2010-09-02 08:35 . 2001-08-17 13:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-09-02 08:35 . 2001-08-17 13:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-09-02 08:35 . 2001-08-17 21:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-09-02 08:35 . 2001-08-17 12:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-09-02 08:35 . 2001-08-17 13:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-09-02 08:35 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-09-02 08:35 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-09-02 08:35 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-09-02 08:35 . 2001-08-17 21:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-09-02 08:34 . 2001-08-17 21:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-09-02 08:34 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-09-02 08:34 . 2001-08-17 11:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-09-02 08:34 . 2001-08-17 12:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-09-02 08:34 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-09-02 08:34 . 2001-08-17 21:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-09-02 08:34 . 2001-08-17 21:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-09-02 08:34 . 2001-08-17 12:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2010-09-02 08:34 . 2001-08-17 21:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2010-09-02 08:33 . 2001-08-17 13:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2010-09-02 08:33 . 2001-08-17 12:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-09-02 08:33 . 2001-08-17 11:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-09-02 08:33 . 2001-08-17 21:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2010-09-02 08:33 . 2001-08-17 11:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2010-09-02 08:33 . 2001-08-17 12:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2010-09-02 08:33 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2010-09-02 08:33 . 2001-08-17 12:53 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-09-02 08:33 . 2001-08-17 11:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-09-02 08:33 . 2001-08-17 13:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2010-09-02 08:32 . 2001-08-17 11:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-09-02 08:32 . 2001-08-17 11:10 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2010-09-02 08:32 . 2001-08-17 11:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-09-02 08:32 . 2001-08-17 12:57 6784 ----a-w- c:\windows\system32\dllcache\smbhc.sys
2010-09-02 08:32 . 2008-04-13 18:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-09-02 08:32 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-09-02 08:32 . 2001-08-17 21:36 45568 ----a-w- c:\windows\system32\dllcache\smb3w.dll
2010-09-02 08:32 . 2001-08-17 21:36 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2010-09-02 08:32 . 2001-08-17 21:36 28672 ----a-w- c:\windows\system32\dllcache\sma0w.dll
2010-09-02 08:32 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2010-09-02 08:31 . 2004-08-03 21:31 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-09-02 08:31 . 2001-08-17 11:12 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2010-09-02 08:31 . 2001-08-17 11:12 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2010-09-02 08:31 . 2001-08-17 13:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-09-02 08:31 . 2001-08-17 11:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-09-02 08:31 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-09-02 08:31 . 2001-08-17 21:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-09-02 08:31 . 2001-08-17 11:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-09-02 08:31 . 2001-08-17 13:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-09-02 08:31 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-09-02 08:31 . 2001-08-17 13:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-09-02 08:30 . 2001-08-17 11:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-09-02 08:30 . 2001-07-21 13:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-09-02 08:30 . 2001-07-21 13:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-09-02 08:30 . 2001-08-17 11:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-09-02 08:30 . 2001-08-17 21:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-09-02 08:30 . 2001-08-17 11:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-09-02 08:30 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 11:42 . 2010-01-23 19:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-02 23:56 . 2006-03-15 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-02 07:59 . 2005-06-22 14:01 17130 ----a-w- c:\windows\system32\nvModes.dat
2010-09-01 19:29 . 2006-06-26 18:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 21:49 . 2005-08-31 08:07 -------- d-----w- c:\program files\CCleaner
2010-08-21 21:21 . 2005-07-09 12:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 21:21 . 2005-07-09 12:39 -------- d-----w- c:\program files\Java
2010-08-17 20:12 . 2006-07-05 20:58 -------- d-----w- c:\program files\Arovax Shield
2010-08-17 19:00 . 2008-03-02 19:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 19:00 . 2006-03-15 23:16 -------- d-----w- c:\program files\SpywareBlaster
2010-08-07 23:12 . 2009-02-10 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-08-07 23:09 . 2009-01-18 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-07 23:07 . 2009-02-10 23:44 -------- d-----w- c:\documents and settings\Adam\Application Data\Canon
2010-08-07 17:05 . 2010-08-07 17:05 61440 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-106a3572-n\decora-sse.dll
2010-08-07 17:05 . 2010-08-07 17:05 503808 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\msvcp71.dll
2010-08-07 17:05 . 2010-08-07 17:05 499712 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\jmc.dll
2010-08-07 17:05 . 2010-08-07 17:05 348160 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\msvcr71.dll
2010-08-07 17:05 . 2010-08-07 17:05 12800 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-106a3572-n\decora-d3d.dll
2010-07-29 10:23 . 2006-04-11 22:40 -------- d-----w- c:\program files\Picasa2
2010-07-19 18:19 . 2009-01-24 18:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 18:19 . 2010-07-19 18:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 18:18 . 2009-01-24 18:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 04:00 . 2010-05-24 20:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:31 . 2005-06-22 13:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-06-18 3698688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-01 19:29 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 18:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gupdate1c9da55b99b5f14;Google Update Service (gupdate1c9da55b99b5f14);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 133104]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2005-11-09 402944]
R3 NBXG7031;NB 802.11g XG703 SP3 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2005-01-12 352224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-09-01 12872]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-19 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-19 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-09-01 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-09-01 67656]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-06 1858144]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-19 308136]

.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-11 22:31]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 20:49]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 20:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1637723038-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(424)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
.
**************************************************************************
.
Completion time: 2010-09-06 18:55:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 17:55

Pre-Run: 7,355,805,696 bytes free
Post-Run: 7,240,478,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3D6BB2E9B489F6DEAE43F36AF113844E

#4 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 06 September 2010 - 12:19 PM

»Next...«
ComboFix Script

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

Quote

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.

»Then...«
Download GMER Rootkit Scanner. Note the files name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.Then..

#5 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 06 September 2010 - 04:32 PM

Hello again. My latest ComboFix log is pasted below.

However, as stated in my original post, the Rootkit scan just results in my computer crashing.

I have just run the scan for the sixth time - and after more than three hours, it went to the blue screen of death. So I am unable to post a log from there.

Thanks.

ComboFix 10-09-06.01 - Adam 06/09/2010 19:27:47.2.2 - x86
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adam\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-02 08:44 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-02 08:44 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-02 08:44 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-02 08:44 . 2001-08-17 21:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-02 08:43 . 2001-08-17 21:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-02 08:43 . 2001-08-17 21:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-09-02 08:43 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-09-02 08:43 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-09-02 08:43 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-09-02 08:43 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-09-02 08:42 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-09-02 08:42 . 2004-08-03 21:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-09-02 08:42 . 2001-08-17 11:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-09-02 08:42 . 2001-08-17 12:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-09-02 08:42 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-09-02 08:42 . 2001-08-17 12:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-09-02 08:42 . 2004-08-03 21:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-09-02 08:42 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-09-02 08:42 . 2001-08-17 11:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-09-02 08:42 . 2004-08-03 21:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-09-02 08:42 . 2004-08-03 21:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-09-02 08:40 . 2001-08-17 12:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-09-02 08:40 . 2001-08-17 12:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-09-02 08:40 . 2001-08-17 12:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2010-09-02 08:40 . 2001-08-17 12:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-09-02 08:40 . 2001-08-17 12:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-09-02 08:40 . 2001-08-17 12:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-09-02 08:40 . 2001-08-17 12:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-09-02 08:40 . 2001-08-17 12:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-09-02 08:40 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2010-09-02 08:40 . 2004-08-03 21:31 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2010-09-02 08:39 . 2001-08-17 21:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-09-02 08:39 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-09-02 08:39 . 2001-08-17 21:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-09-02 08:39 . 2001-08-17 21:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-09-02 08:39 . 2001-08-17 21:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-09-02 08:39 . 2001-08-17 12:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-09-02 08:39 . 2001-08-17 21:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-09-02 08:39 . 2001-08-17 21:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-09-02 08:39 . 2001-08-17 21:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-09-02 08:38 . 2001-08-17 21:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-09-02 08:38 . 2001-08-17 12:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2010-09-02 08:38 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-09-02 08:38 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-09-02 08:38 . 2001-08-17 21:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-09-02 08:38 . 2001-08-17 11:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-09-02 08:38 . 2001-08-17 13:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-09-02 08:37 . 2001-08-17 11:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-09-02 08:37 . 2001-08-17 13:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-09-02 08:37 . 2001-08-17 11:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-09-02 08:37 . 2001-08-17 21:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-09-02 08:37 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-09-02 08:37 . 2001-08-17 21:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-09-02 08:37 . 2001-08-17 12:51 4992 ----a-w- c:\windows\system32\dllcache\toside.sys
2010-09-02 08:37 . 2001-08-17 13:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-09-02 08:37 . 2001-08-17 13:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-09-02 08:37 . 2001-08-17 11:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-09-02 08:37 . 2001-08-17 11:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-09-02 08:36 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-09-02 08:36 . 2001-08-17 13:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-09-02 08:36 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-09-02 08:36 . 2001-08-17 11:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-09-02 08:36 . 2001-08-17 11:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-09-02 08:36 . 2001-08-17 12:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-09-02 08:36 . 2001-08-17 12:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-09-02 08:36 . 2001-08-17 11:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-09-02 08:36 . 2001-08-17 13:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-09-02 08:36 . 2001-08-17 13:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-09-02 08:35 . 2001-08-17 13:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2010-09-02 08:35 . 2001-08-17 13:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-09-02 08:35 . 2001-08-17 13:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-09-02 08:35 . 2001-08-17 21:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-09-02 08:35 . 2001-08-17 12:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-09-02 08:35 . 2001-08-17 13:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-09-02 08:35 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-09-02 08:35 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-09-02 08:35 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-09-02 08:35 . 2001-08-17 21:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-09-02 08:34 . 2001-08-17 21:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-09-02 08:34 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-09-02 08:34 . 2001-08-17 11:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-09-02 08:34 . 2001-08-17 12:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-09-02 08:34 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-09-02 08:34 . 2001-08-17 21:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-09-02 08:34 . 2001-08-17 21:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-09-02 08:34 . 2001-08-17 12:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2010-09-02 08:34 . 2001-08-17 21:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2010-09-02 08:33 . 2001-08-17 13:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2010-09-02 08:33 . 2001-08-17 12:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-09-02 08:33 . 2001-08-17 11:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-09-02 08:33 . 2001-08-17 21:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2010-09-02 08:33 . 2001-08-17 11:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2010-09-02 08:33 . 2001-08-17 12:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2010-09-02 08:33 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2010-09-02 08:33 . 2001-08-17 12:53 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-09-02 08:33 . 2001-08-17 11:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-09-02 08:33 . 2001-08-17 13:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2010-09-02 08:32 . 2001-08-17 11:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-09-02 08:32 . 2001-08-17 11:10 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2010-09-02 08:32 . 2001-08-17 11:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-09-02 08:32 . 2001-08-17 12:57 6784 ----a-w- c:\windows\system32\dllcache\smbhc.sys
2010-09-02 08:32 . 2008-04-13 18:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-09-02 08:32 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-09-02 08:32 . 2001-08-17 21:36 45568 ----a-w- c:\windows\system32\dllcache\smb3w.dll
2010-09-02 08:32 . 2001-08-17 21:36 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2010-09-02 08:32 . 2001-08-17 21:36 28672 ----a-w- c:\windows\system32\dllcache\sma0w.dll
2010-09-02 08:32 . 2001-08-17 21:36 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2010-09-02 08:31 . 2004-08-03 21:31 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-09-02 08:31 . 2001-08-17 11:12 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2010-09-02 08:31 . 2001-08-17 11:12 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2010-09-02 08:31 . 2001-08-17 13:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-09-02 08:31 . 2001-08-17 11:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-09-02 08:31 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-09-02 08:31 . 2001-08-17 21:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-09-02 08:31 . 2001-08-17 11:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-09-02 08:31 . 2001-08-17 13:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-09-02 08:31 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-09-02 08:31 . 2001-08-17 13:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-09-02 08:30 . 2001-08-17 11:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-09-02 08:30 . 2001-07-21 13:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-09-02 08:30 . 2001-07-21 13:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-09-02 08:30 . 2001-08-17 11:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-09-02 08:30 . 2001-08-17 21:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-09-02 08:30 . 2001-08-17 11:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-09-02 08:30 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 11:42 . 2010-01-23 19:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-02 23:56 . 2006-03-15 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-02 07:59 . 2005-06-22 14:01 17130 ----a-w- c:\windows\system32\nvModes.dat
2010-09-01 19:29 . 2006-06-26 18:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 21:49 . 2005-08-31 08:07 -------- d-----w- c:\program files\CCleaner
2010-08-21 21:21 . 2005-07-09 12:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 21:21 . 2005-07-09 12:39 -------- d-----w- c:\program files\Java
2010-08-17 20:12 . 2006-07-05 20:58 -------- d-----w- c:\program files\Arovax Shield
2010-08-17 19:00 . 2008-03-02 19:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 19:00 . 2006-03-15 23:16 -------- d-----w- c:\program files\SpywareBlaster
2010-08-07 23:12 . 2009-02-10 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-08-07 23:09 . 2009-01-18 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-07 23:07 . 2009-02-10 23:44 -------- d-----w- c:\documents and settings\Adam\Application Data\Canon
2010-08-07 17:05 . 2010-08-07 17:05 61440 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-106a3572-n\decora-sse.dll
2010-08-07 17:05 . 2010-08-07 17:05 503808 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\msvcp71.dll
2010-08-07 17:05 . 2010-08-07 17:05 499712 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\jmc.dll
2010-08-07 17:05 . 2010-08-07 17:05 348160 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5251424a-n\msvcr71.dll
2010-08-07 17:05 . 2010-08-07 17:05 12800 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-106a3572-n\decora-d3d.dll
2010-07-29 10:23 . 2006-04-11 22:40 -------- d-----w- c:\program files\Picasa2
2010-07-19 18:19 . 2009-01-24 18:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 18:19 . 2010-07-19 18:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 18:18 . 2009-01-24 18:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 04:00 . 2010-05-24 20:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:31 . 2005-06-22 13:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-06-18 3698688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-01 19:29 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 18:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gupdate1c9da55b99b5f14;Google Update Service (gupdate1c9da55b99b5f14);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 133104]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2005-11-09 402944]
R3 NBXG7031;NB 802.11g XG703 SP3 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2005-01-12 352224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-09-01 12872]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-19 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-19 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-09-01 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-09-01 67656]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-06 1858144]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-19 308136]

.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-11 22:31]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 20:49]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 20:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1637723038-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(424)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-06 19:40:06
ComboFix-quarantined-files.txt 2010-09-06 18:40
ComboFix2.txt 2010-09-06 17:56

Pre-Run: 7,250,296,832 bytes free
Post-Run: 7,240,237,056 bytes free

- - End Of File - - 7FD416209A8FCAD9DFBCB357A64E556F

#6 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 06 September 2010 - 05:17 PM

I hope what I've just done is useful. During previous GMER scans, I noticed that every entry appeared towards the start of the scan. So what I did was start the scan again, and once the usual suspects cropped up, I stopped the scan before the computer crashed. I then saved the log of what it had found so far.

So here's the partial log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 00:06:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Adam\LOCALS~1\Temp\uxtdapow.sys

---- User code sections - GMER 1.0.15 ----

.text c:\program files\a-squared free\a2service.exe[1548] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D c:\program files\a-squared free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SOFTWARE\Classes\.asa@ aspfile
Reg HKLM\SOFTWARE\Classes\.cdf@ ChannelFile
Reg HKLM\SOFTWARE\Classes\.cdf@Content Type application/x-cdf
Reg HKLM\SOFTWARE\Classes\.cdx@ aspfile
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer@ ActionBvr.ActionBvr.1
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID@ {58A2E406-8304-11D2-9533-0060b0C3C4F4}
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer@ ActorBvr.ActorBvr.1
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID@ {6DDE3061-736C-11D2-A5E8-00A0C967A25F}
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner@ adbanner Class
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner\CurVer
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner\CurVer@ adbanner.adbanner.1
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner.1@ adbanner Class
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\adbanner.adbanner.1\CLSID@ {89643D21-7B2A-11d1-8271-00A0C91F9CA0}
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control@ ActiveMovie Control Object
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control\CurVer
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control\CurVer@ AMOVIE.ActiveMovie Control.2
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control.2@ ActiveMovie Control Object
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control.2@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control.2\CLSID
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovie Control.2\CLSID@ {05589FA1-C356-11CE-BF01-00AA0055595A}
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl@ ActiveMovie Control Object
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl\CurVer
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl\CurVer@ AMOVIE.ActiveMovie Control.2
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl.2@ ActiveMovie Control Object
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl.2\CLSID
Reg HKLM\SOFTWARE\Classes\AMOVIE.ActiveMovieControl.2\CLSID@ {05589FA1-C356-11CE-BF01-00AA0055595A}
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar@ AMtoolbar Class
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar\CurVer
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar\CurVer@ AMtoolbar.AMtoolbar.1
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar.1@ AMtoolbar Class
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar.1\CLSID
Reg HKLM\SOFTWARE\Classes\AMtoolbar.AMtoolbar.1\CLSID@ {0368BFF0-9870-11D0-94AB-0080C74C7E95}
Reg HKLM\SOFTWARE\Classes\ASP.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\ASP.HostEncode\CLSID@ {0CF774D1-F077-11D1-B1BC-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\ChannelFile@ Channel File
Reg HKLM\SOFTWARE\Classes\ChannelFile@FriendlyTypeName @%SystemRoot%\System32\cdfview.dll,-4610
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelFile\CLSID@ {f39a0dc0-9cc8-11d0-a599-00c04fd64433}
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelFile\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell@ Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit@ Edit
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Edit\Command@ notepad.exe %1
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Explore\Command@ explorer /e,/root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Open\Command@ explorer /root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe@ Make Available Offline
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command
Reg HKLM\SOFTWARE\Classes\ChannelFile\Shell\Subscribe\Command@ rundll32 cdfview.dll,Subscribe %L
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelFile\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\ChannelShortcut@ Channel Shortcut
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\CLSID@ {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\DefaultIcon@ %1
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel@ Open Channel
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\Shell\OpenChannel\Command@ rundll32 cdfview.dll,OpenChannel %L
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\ContextMenuHandlers\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\IconHandler@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\PropertySheetHandlers\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}@
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}@ {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder
Reg HKLM\SOFTWARE\Classes\ChannelShortcut\ShellFolder@Attributes 0xA0 0x01 0x00 0xA0
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer@ ColorBvr.ColorBvr.1
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID@ {3845A174-EB30-11D1-9A23-00A0C879FE5F}
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer@ CR.CrBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID@ {754FF233-5D4E-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID@ {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID@ {69AD90EF-1C20-11d1-8801-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.PathControl@ Microsoft DirectAnimation Path
Reg HKLM\SOFTWARE\Classes\DirectAnimation.PathControl\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.PathControl\CLSID@ {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.Sequence@ Microsoft DirectAnimation Sequence
Reg HKLM\SOFTWARE\Classes\DirectAnimation.Sequence\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.Sequence\CLSID@ {4F241DB1-EE9F-11D0-9824-006097C99E51}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SequencerControl@ Microsoft DirectAnimation Sequencer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SequencerControl\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SequencerControl\CLSID@ {B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SpriteControl@ Microsoft DirectAnimation Sprite
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SpriteControl\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.SpriteControl\CLSID@ {FD179533-D86E-11D0-89D6-00A0C90833E6}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.StructuredGraphicsControl@ Microsoft DirectAnimation Structured Graphics
Reg HKLM\SOFTWARE\Classes\DirectAnimation.StructuredGraphicsControl\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.StructuredGraphicsControl\CLSID@ {369303C2-D7AC-11D0-89D5-00A0C90833E6}
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer@ DirectContainer Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer\CLSID@ {39A2C2A9-4778-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer\CurVer
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer\CurVer@ DirectFrame.DirectContainer.1
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer.1@ DirectContainer Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectContainer.1\CLSID@ {39A2C2A9-4778-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl@ DirectControl Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl\CLSID@ {39A2C2A6-4778-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl\CurVer@ DirectFrame.DirectControl.1
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl.1@ DirectControl Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.DirectControl.1\CLSID@ {39A2C2A6-4778-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView@ RadioView Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView\CLSID@ {847B4DF5-4B61-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView\CurVer
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView\CurVer@ DirectFrame.RadioView.1
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView.1@ RadioView Class
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectFrame.RadioView.1\CLSID@ {847B4DF5-4B61-11D2-9BDB-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel@ DSDisplayPanel Class
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel\CurVer
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel\CurVer@ DSDisplayPanel.DSDisplayPanel.1
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel.1@ DSDisplayPanel Class
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel.1\CLSID
Reg HKLM\SOFTWARE\Classes\DSDisplayPanel.DSDisplayPanel.1\CLSID@ {49FC0185-4B32-11d1-A40E-00600831F336}
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar@ DSStatusBar Class
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar\CurVer
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar\CurVer@ DSStatusBar.DSStatusBar.1
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar.1@ DSStatusBar Class
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar.1\CLSID
Reg HKLM\SOFTWARE\Classes\DSStatusBar.DSStatusBar.1\CLSID@ {8A3F59E1-4994-11D1-A40D-00600831F336}
Reg HKLM\SOFTWARE\Classes\ECMAScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\ECMAScript\CLSID
Reg HKLM\SOFTWARE\Classes\ECMAScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\ECMAScript\OLEScript
Reg HKLM\SOFTWARE\Classes\ECMAScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\ECMAScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\ECMAScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\ECMAScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer@ EffectBvr.EffectBvr.1
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID@ {54274112-7A5E-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar@ gotobar Class
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar\CurVer
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar\CurVer@ gotobar.gotobar.1
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar.1@ gotobar Class
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar.1\CLSID
Reg HKLM\SOFTWARE\Classes\gotobar.gotobar.1\CLSID@ {9F4D2FA2-54A1-11d1-8267-00A0C91F9CA0}
Reg HKLM\SOFTWARE\Classes\HTML.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\HTML.HostEncode\CLSID@ {0CF774D0-F077-11D1-B1BC-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\JavaScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.1@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.1\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.1 Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.2@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.2\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 AuthorJavaScript1.3 Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JavaScript1.3@ JScript Language
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\CLSID
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JavaScript1.3\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\JScript\CLSID
Reg HKLM\SOFTWARE\Classes\JScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\JScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript.Compact@ JScript Compact Profile (ECMA 327)
Reg HKLM\SOFTWARE\Classes\JScript.Compact\CLSID
Reg HKLM\SOFTWARE\Classes\JScript.Compact\CLSID@ {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
Reg HKLM\SOFTWARE\Classes\JScript.Compact\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript.Compact Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\JScript.Compact Author\CLSID
Reg HKLM\SOFTWARE\Classes\JScript.Compact Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript.Compact Author\OLEScript
Reg HKLM\SOFTWARE\Classes\JScript.Encode@ JScript Language Encoding
Reg HKLM\SOFTWARE\Classes\JScript.Encode\CLSID
Reg HKLM\SOFTWARE\Classes\JScript.Encode\CLSID@ {f414c262-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\JScript.Encode\OLEScript
Reg HKLM\SOFTWARE\Classes\JSFile.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\JSFile.HostEncode\CLSID@ {85131630-480C-11D2-B1F9-00C04F86C324}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LiveScript@ JScript Language
Reg HKLM\SOFTWARE\Classes\LiveScript\CLSID
Reg HKLM\SOFTWARE\Classes\LiveScript\CLSID@ {f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\LiveScript\OLEScript
Reg HKLM\SOFTWARE\Classes\LiveScript Author@ JScript Language Authoring
Reg HKLM\SOFTWARE\Classes\LiveScript Author\CLSID
Reg HKLM\SOFTWARE\Classes\LiveScript Author\CLSID@ {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
Reg HKLM\SOFTWARE\Classes\LiveScript Author\OLEScript
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer@ LM.AutoEffectBvr.1
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID@ {BB339A46-7C49-11d2-9BF3-00C04FA34789}
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer@ LM.LMBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID@ {B1549E58-3894-11D2-BB7F-00A0C999C4C1}
Reg HKLM\SOFTWARE\Classes\LM.LMReader@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer@ LM.LMReader.1
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID@ {183C259A-0480-11d1-87EA-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer@ Windows Media Player
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer\CurVer
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer\CurVer@ MediaPlayer.MediaPlayer.1
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer.1@ Windows Media Player
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer.1@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer.1\CLSID
Reg HKLM\SOFTWARE\Classes\MediaPlayer.MediaPlayer.1\CLSID@ {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand@ RadioBand Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand\CLSID@ {8E718888-423F-11D2-876E-00A0C9082467}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand\CurVer
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand\CurVer@ Mmedia.RadioBand.1
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand.1@ RadioBand Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand.1\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioBand.1\CLSID@ {8E718888-423F-11D2-876E-00A0C9082467}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer@ RadioPlayer Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer\CLSID@ {9C2263B0-3E3C-11D2-9BD3-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer\CurVer
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer\CurVer@ Mmedia.RadioPlayer.1
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer.1@ RadioPlayer Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer.1\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioPlayer.1\CLSID@ {9C2263B0-3E3C-11D2-9BD3-204C4F4F5020}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer@ RadioServer Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer\CLSID@ {8E71888A-423F-11D2-876E-00A0C9082467}
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer\CurVer
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer\CurVer@ Mmedia.RadioServer.1
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer.1@ RadioServer Class
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer.1\CLSID
Reg HKLM\SOFTWARE\Classes\Mmedia.RadioServer.1\CLSID@ {8E71888A-423F-11D2-876E-00A0C9082467}
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer@ MoveBvr.MoveBvr.1
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID@ {C5B86F32-69EE-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl@ Microsoft NetShow Player
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl\CurVer
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl\CurVer@ NSPlay.NSPlayCtl.1
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl.1@ Microsoft NetShow Player
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl.1@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\NSPlay.NSPlayCtl.1\CLSID@ {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer@ NumberBvr.NumberBvr.1
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID@ {ECDB03D2-6E99-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer@ PathBvr.PathBvr.1
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID@ {80F49562-6A9A-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp@ ppDSApp Class
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp\CurVer@ ppDSApp.ppDSApp.1
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp.1@ ppDSApp Class
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSApp.ppDSApp.1\CLSID@ {2AFA62E2-5548-11D1-A6E1-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip@ ppDSClip Class
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip\CurVer@ ppDSClip.ppDSClip.1
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip.1@ ppDSClip Class
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSClip.ppDSClip.1\CLSID@ {31C48C31-70B0-11d1-A708-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl@ ppDSDetl Class
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl\CurVer@ ppDSDetl.ppDSDetl.1
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl.1@ ppDSDetl Class
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSDetl.ppDSDetl.1\CLSID@ {31C48C32-70B0-11d1-A708-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile@ ppDSFile Class
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile\CurVer@ ppDSFile.ppDSFile.1
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile.1@ ppDSFile Class
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSFile.ppDSFile.1\CLSID@ {1D1237A0-6CD6-11d2-96BA-00104B242E64}
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet@ ppDShowNet Class
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet\CurVer
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet\CurVer@ ppDShowNet.ppDShowNet.1
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet.1@ ppDShowNet Class
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDShowNet.ppDShowNet.1\CLSID@ {5C85DCB0-F967-11D0-81ED-00C04FC99D4C}
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay@ ppDShowPlay Class
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay\CurVer
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay\CurVer@ ppDShowPlay.ppDShowPlay.1
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay.1@ ppDShowPlay Class
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDShowPlay.ppDShowPlay.1\CLSID@ {C0CD59AE-020D-11d1-81F2-00C04FC99D4C}
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta@ ppDSMeta Class
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta\CurVer@ ppDSMeta.ppDSMeta.1
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta.1@ ppDSMeta Class
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSMeta.ppDSMeta.1\CLSID@ {BB314F91-A010-11d1-A75A-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv@ ppDSOAdv Class
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv\CurVer@ ppDSOAdv.ppDSOAdv.1
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv.1@ ppDSOAdv Class
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSOAdv.ppDSOAdv.1\CLSID@ {AE1A5813-5230-11D1-A6E0-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv@ ppDSPropAdv Class
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv\CurVer@ ppDSPropAdv.ppDSPropAdv.1
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv.1@ ppDSPropAdv Class
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSPropAdv.ppDSPropAdv.1\CLSID@ {8C4EB103-516F-11D1-A6DF-006097C4E476}
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView@ ppDSView Class
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView\CurVer
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView\CurVer@ ppDSView.ppDSView.1
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView.1@ ppDSView Class
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView.1\CLSID
Reg HKLM\SOFTWARE\Classes\ppDSView.ppDSView.1\CLSID@ {AE1A5812-5230-11D1-A6E0-006097C4E476}
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer@ RotateBvr.RotateBvr.1
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID@ {027713F2-5FA8-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer@ ScaleBvr.ScaleBvr.1
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID@ {E80353D3-677D-11d2-875E-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\Scripting.Dictionary@ Scripting.Dictionary
Reg HKLM\SOFTWARE\Classes\Scripting.Dictionary\CLSID
Reg HKLM\SOFTWARE\Classes\Scripting.Dictionary\CLSID@ {EE09B103-97E0-11CF-978F-00A02463E06F}
Reg HKLM\SOFTWARE\Classes\Scripting.Encoder@ Script Encoder Object
Reg HKLM\SOFTWARE\Classes\Scripting.Encoder\CLSID
Reg HKLM\SOFTWARE\Classes\Scripting.Encoder\CLSID@ {32DA2B15-CFED-11D1-B747-00C04FC2B085}
Reg HKLM\SOFTWARE\Classes\Scripting.FileSystemObject@ FileSystem Object
Reg HKLM\SOFTWARE\Classes\Scripting.FileSystemObject\CLSID
Reg HKLM\SOFTWARE\Classes\Scripting.FileSystemObject\CLSID@ {0D43FE01-F093-11CF-8940-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer@ SetBvr.SetBvr.1
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID@ {BA60F742-6F72-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.MMFactory.1\CLSID@ {33FDA1EA-80DF-11D2-B263-00A0C90D6111}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1@
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\TIME.TIMEFactory.1\CLSID@ {476C391C-3E0D-11D2-B948-00C04FA32195}
Reg HKLM\SOFTWARE\Classes\VBSFile.HostEncode\CLSID
Reg HKLM\SOFTWARE\Classes\VBSFile.HostEncode\CLSID@ {85131631-480C-11D2-B1F9-00C04F86C324}

---- EOF - GMER 1.0.15 ----

#7 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 07 September 2010 - 02:18 AM

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#8 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 07 September 2010 - 02:33 AM

Here's the log. No problams found.

Thanks.

2010/09/07 09:32:13.0687 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/07 09:32:13.0687 ================================================================================
2010/09/07 09:32:13.0687 SystemInfo:
2010/09/07 09:32:13.0687
2010/09/07 09:32:13.0687 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/07 09:32:13.0687 Product type: Workstation
2010/09/07 09:32:13.0687 ComputerName: LAPTOP
2010/09/07 09:32:13.0687 UserName: Adam
2010/09/07 09:32:13.0687 Windows directory: C:\WINDOWS
2010/09/07 09:32:13.0687 System windows directory: C:\WINDOWS
2010/09/07 09:32:13.0687 Processor architecture: Intel x86
2010/09/07 09:32:13.0687 Number of processors: 2
2010/09/07 09:32:13.0687 Page size: 0x1000
2010/09/07 09:32:13.0687 Boot type: Normal boot
2010/09/07 09:32:13.0687 ================================================================================
2010/09/07 09:32:14.0421 Initialize success
2010/09/07 09:32:25.0546 ================================================================================
2010/09/07 09:32:25.0546 Scan started
2010/09/07 09:32:25.0546 Mode: Manual;
2010/09/07 09:32:25.0546 ================================================================================
2010/09/07 09:32:26.0093 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/07 09:32:26.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/07 09:32:26.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/07 09:32:26.0453 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/07 09:32:26.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/07 09:32:26.0671 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/07 09:32:26.0984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/07 09:32:27.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/07 09:32:27.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/07 09:32:27.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/07 09:32:27.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/07 09:32:27.0718 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/09/07 09:32:27.0796 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/09/07 09:32:27.0921 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/09/07 09:32:28.0031 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/09/07 09:32:28.0187 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2010/09/07 09:32:28.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/07 09:32:28.0421 BELKIN (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
2010/09/07 09:32:28.0484 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
2010/09/07 09:32:28.0609 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/07 09:32:28.0703 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/07 09:32:28.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/07 09:32:28.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/07 09:32:28.0921 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/07 09:32:29.0093 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/07 09:32:29.0187 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/07 09:32:29.0328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/07 09:32:29.0468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/07 09:32:29.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/07 09:32:29.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/07 09:32:29.0765 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/07 09:32:29.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/07 09:32:30.0031 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/09/07 09:32:30.0125 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/09/07 09:32:30.0171 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/07 09:32:30.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/07 09:32:30.0359 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/07 09:32:30.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/07 09:32:30.0546 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/07 09:32:30.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/07 09:32:30.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/07 09:32:30.0796 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/07 09:32:30.0843 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/07 09:32:30.0953 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/07 09:32:31.0140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/07 09:32:31.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/07 09:32:31.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/07 09:32:31.0453 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/07 09:32:31.0515 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/07 09:32:31.0578 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/07 09:32:31.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/07 09:32:31.0750 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/07 09:32:31.0828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/07 09:32:31.0937 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/07 09:32:32.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/07 09:32:32.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/07 09:32:32.0171 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/07 09:32:32.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/07 09:32:32.0312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/07 09:32:32.0468 MDC8021X (f12d725eec3f7ed8e8c554c48bb2ba2e) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/09/07 09:32:32.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/07 09:32:32.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/07 09:32:32.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/07 09:32:32.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/07 09:32:32.0890 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/07 09:32:33.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/07 09:32:33.0109 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/07 09:32:33.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/07 09:32:33.0312 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
2010/09/07 09:32:33.0421 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/07 09:32:33.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/07 09:32:33.0578 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/07 09:32:33.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/07 09:32:33.0750 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/07 09:32:33.0828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/07 09:32:33.0968 NBXG7031 (766038d9d88948b8f2a96dce63734643) C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
2010/09/07 09:32:34.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/07 09:32:34.0406 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/07 09:32:34.0625 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/07 09:32:34.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/07 09:32:34.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/07 09:32:34.0843 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/07 09:32:34.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/07 09:32:34.0921 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/07 09:32:35.0031 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/07 09:32:35.0171 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/09/07 09:32:35.0281 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/09/07 09:32:35.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/07 09:32:35.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/07 09:32:35.0593 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/07 09:32:35.0781 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/07 09:32:35.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/07 09:32:36.0015 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/07 09:32:36.0125 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/07 09:32:36.0250 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/09/07 09:32:36.0343 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/07 09:32:36.0390 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/07 09:32:36.0468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/07 09:32:36.0546 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
2010/09/07 09:32:36.0640 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2010/09/07 09:32:36.0937 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/09/07 09:32:37.0015 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/07 09:32:37.0140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/07 09:32:37.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/07 09:32:37.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/07 09:32:37.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/07 09:32:37.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/07 09:32:37.0687 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/07 09:32:37.0859 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/07 09:32:37.0937 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/07 09:32:38.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/07 09:32:38.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/07 09:32:38.0156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/07 09:32:38.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/07 09:32:38.0328 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/07 09:32:38.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/07 09:32:38.0562 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2010/09/07 09:32:38.0781 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/07 09:32:38.0796 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/09/07 09:32:38.0843 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/09/07 09:32:38.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/07 09:32:39.0078 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/07 09:32:39.0171 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/07 09:32:39.0281 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/07 09:32:39.0437 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/07 09:32:39.0562 SQTECH905C (334b7b4378a715427d640dae7ccecb09) C:\WINDOWS\system32\Drivers\Capt905c.sys
2010/09/07 09:32:39.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/07 09:32:39.0750 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/07 09:32:39.0812 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/09/07 09:32:39.0875 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/09/07 09:32:39.0968 STAC97 (ae4797a1fc117c1d28a4ed80be42f734) C:\WINDOWS\system32\drivers\stac97.sys
2010/09/07 09:32:40.0140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/07 09:32:40.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/07 09:32:40.0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/07 09:32:40.0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/07 09:32:40.0578 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/07 09:32:40.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/07 09:32:40.0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/07 09:32:40.0875 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/07 09:32:41.0000 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/09/07 09:32:41.0109 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/09/07 09:32:41.0171 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/09/07 09:32:41.0218 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2010/09/07 09:32:41.0265 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/09/07 09:32:41.0343 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/09/07 09:32:41.0406 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/09/07 09:32:41.0515 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/09/07 09:32:41.0578 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/09/07 09:32:41.0687 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/07 09:32:41.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/07 09:32:41.0953 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/09/07 09:32:42.0093 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/07 09:32:42.0203 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/07 09:32:42.0312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/07 09:32:42.0375 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/07 09:32:42.0484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/07 09:32:42.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/07 09:32:42.0671 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/09/07 09:32:42.0796 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/09/07 09:32:42.0890 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/07 09:32:42.0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/07 09:32:43.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/07 09:32:43.0234 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/07 09:32:43.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/07 09:32:43.0406 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/07 09:32:43.0531 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/07 09:32:43.0750 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/07 09:32:43.0859 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/07 09:32:43.0953 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/07 09:32:44.0015 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/07 09:32:44.0125 ================================================================================
2010/09/07 09:32:44.0125 Scan finished
2010/09/07 09:32:44.0125 ================================================================================

#9 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 07 September 2010 - 02:43 AM

That's good

Run OTL again please

Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.exe
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
%USERPROFILE%\Templates\*.tmp
%SYSTEMDRIVE%\explorexxx.exe\*.*
%Windir%\Installer\*.tmp
%systemroot%\System32\*.xco
%ProgramFiles%\system32\*.*
%systemroot%\System32\windos\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

#10 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 07 September 2010 - 03:23 AM

Hi again.

I ran this scan twice, but each time it saved only one log. There was no Extras.Txt.

Thanks.

OTL logfile created on: 07/09/2010 10:06:52 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 202.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 6.75 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (a2free) -- c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\System32\drivers\NSDriver.sys File not found
DRV - (adiusbaw) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys File not found
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\System32\Drivers\adildr.sys File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BELKIN) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (NBXG7031) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thehunger....faces?siteId=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/20 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/12 22:25:23 | 000,000,000 | ---D | M]

[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/09/06 18:50:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab (first direct internet banking plus digital safe)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by124w.bay124...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase3401.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1122373160281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequire...etect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.zumyn.com...geUploader4.cab (Image Uploader Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,148,084 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,064,632 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2005/06/22 14:20:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: 3
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/07 09:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\tdsskiller
[2010/09/06 18:34:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/06 18:29:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/06 18:29:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/06 18:29:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/06 18:29:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/06 18:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/03 00:57:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adam\Recent
[2010/09/02 19:13:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 09:44:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/09/02 09:44:16 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/09/02 09:43:48 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/09/02 09:43:37 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/09/02 09:42:54 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/09/02 09:42:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/09/02 09:42:35 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/09/02 09:42:05 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/09/02 09:41:46 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/09/02 09:41:40 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/09/02 09:41:35 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/09/02 09:41:28 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/09/02 09:41:22 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/09/02 09:41:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/09/02 09:41:09 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/09/02 09:40:47 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/09/02 09:40:21 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/09/02 09:40:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/09/02 09:40:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/09/02 09:40:01 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/09/02 09:39:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/09/02 09:39:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/09/02 09:38:59 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/09/02 09:38:21 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/09/02 09:38:15 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/09/02 09:38:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/09/02 09:38:04 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/09/02 09:37:59 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/09/02 09:37:52 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/09/02 09:37:02 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/09/02 09:36:53 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/09/02 09:36:46 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/09/02 09:36:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/09/02 09:36:39 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/09/02 09:36:33 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/09/02 09:36:15 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/09/02 09:36:10 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/09/02 09:34:56 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/09/02 09:34:48 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/09/02 09:34:45 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/09/02 09:34:39 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/09/02 09:34:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/09/02 09:33:59 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/09/02 09:33:11 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/09/02 09:33:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/09/02 09:32:59 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/09/02 09:32:53 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/09/02 09:32:48 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/09/02 09:31:56 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/09/02 09:31:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/09/02 09:31:45 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/09/02 09:31:32 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/09/02 09:30:37 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/09/02 09:30:29 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/09/02 09:30:18 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/09/02 09:30:15 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/09/02 09:29:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/09/02 09:29:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/09/02 09:29:22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/09/02 09:28:59 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/09/02 09:28:54 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/09/02 09:28:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/09/02 09:28:44 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/09/02 09:28:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/09/02 09:28:35 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/09/02 09:28:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/09/02 09:28:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/09/02 09:28:21 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/09/02 09:28:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/09/02 09:28:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/09/02 09:28:04 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/09/02 09:28:02 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/09/02 09:27:59 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/09/02 09:27:54 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/09/02 09:27:40 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/09/02 09:27:31 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/09/02 09:27:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/09/02 09:27:16 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/09/02 09:26:58 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/09/02 09:26:53 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/09/02 09:26:10 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/09/02 09:26:05 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/09/02 09:26:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/09/02 09:25:42 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/09/02 09:24:28 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/09/02 09:24:24 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/09/02 09:24:05 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/09/02 09:24:03 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/09/02 09:23:59 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/09/02 09:22:59 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/09/02 09:22:55 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/09/02 09:22:50 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/09/02 09:22:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/09/02 09:22:13 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/09/02 09:21:55 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/09/02 09:21:51 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/09/02 09:21:45 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/09/02 09:21:44 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/09/02 09:21:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/09/02 09:21:28 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/09/02 09:21:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/09/02 09:21:12 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/09/02 09:21:08 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/09/02 09:21:03 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/09/02 09:20:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/09/02 09:20:54 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/09/02 09:20:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/09/02 09:20:34 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/09/02 09:20:31 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/09/02 09:20:24 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/09/02 09:20:20 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/09/02 09:20:14 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/09/02 09:19:06 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/09/02 09:18:17 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/09/02 09:17:42 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/09/02 09:17:40 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/09/02 09:17:35 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/09/02 09:17:32 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/09/02 09:17:31 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/09/02 09:17:25 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/09/02 09:17:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/09/02 09:17:14 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/09/02 09:17:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/09/02 09:17:06 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/09/02 09:16:58 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/09/02 09:16:54 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/09/02 09:16:03 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/09/02 09:15:51 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/09/02 09:15:06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/09/02 09:12:11 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/09/02 09:11:57 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/09/02 09:11:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/09/02 09:11:16 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/09/02 09:11:13 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/09/02 09:10:51 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/09/02 09:10:33 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/09/02 09:10:27 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/09/02 09:10:23 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/09/02 09:10:18 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/09/02 09:10:16 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/09/02 09:10:14 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/09/02 09:09:53 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/09/02 09:09:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/09/02 09:09:44 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/09/02 09:09:05 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/09/02 09:07:36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/09/02 09:07:26 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/09/02 09:07:12 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/09/02 09:07:10 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/09/02 09:07:08 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/09/02 09:07:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/09/02 09:06:59 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/09/02 09:06:57 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/09/02 09:06:56 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/09/02 09:06:53 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/09/02 09:06:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/09/02 09:06:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/09/02 09:06:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/09/02 09:05:42 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/09/02 09:05:40 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/09/02 09:05:37 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/09/02 09:05:36 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/09/02 09:05:34 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/09/02 09:05:33 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/09/02 09:05:29 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/09/02 09:05:27 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/09/02 09:05:12 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/09/02 09:05:11 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/09/02 09:04:57 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/09/02 09:04:47 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/09/02 09:04:39 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/09/02 09:04:38 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/09/02 09:04:37 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/09/02 09:04:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/09/02 09:04:35 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/09/02 09:04:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/09/02 09:04:32 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/09/02 09:04:31 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/09/02 09:04:29 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/09/02 09:04:25 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/09/02 09:04:24 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/09/02 09:03:41 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/09/02 09:03:39 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/09/02 09:03:37 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/09/02 09:03:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/09/02 09:03:35 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/09/02 09:03:35 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/09/02 09:03:34 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/09/02 09:03:33 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/09/02 09:03:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/09/02 09:03:28 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/09/02 09:03:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/09/02 09:03:26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/09/02 09:03:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/09/02 09:03:25 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/09/02 09:03:21 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/09/02 09:03:19 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/09/02 09:03:19 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/09/02 09:03:18 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/09/02 09:03:10 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/09/02 09:03:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/09/02 09:03:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/09/02 09:03:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/09/02 09:03:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/09/02 09:03:01 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/09/02 09:02:56 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/09/02 09:02:55 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/09/02 09:02:21 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/09/02 09:02:20 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/09/02 09:02:15 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/09/02 08:47:14 | 000,000,000 | ---D | C] -- C:\I386
[2010/09/02 08:44:36 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/09/02 08:44:36 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/09/02 08:44:35 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/09/02 08:44:35 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/09/02 08:44:34 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/09/02 08:44:34 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/09/02 08:44:32 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/09/02 08:44:31 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/09/02 08:44:30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/09/02 08:44:29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/09/02 08:44:28 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/09/02 08:44:27 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/09/02 08:44:27 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/09/02 00:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\gmer
[2010/09/01 23:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2010/09/01 23:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 23:36:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/01 23:36:15 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/01 23:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/01 23:32:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/08/17 19:07:39 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/19 19:19:45 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/09/07 10:00:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 09:31:03 | 001,188,006 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\tdsskiller.zip
[2010/09/07 00:20:02 | 064,370,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 00:13:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 00:13:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/07 00:13:07 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/07 00:12:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 00:12:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/06 19:35:23 | 000,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/06 19:24:50 | 000,174,080 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Doc1.doc
[2010/09/06 19:23:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/06 18:50:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/06 18:47:55 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\Adam\ntuser.dat
[2010/09/06 18:47:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Adam\ntuser.ini
[2010/09/06 18:34:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/06 18:08:43 | 003,839,076 | R--- | M] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/09/06 12:42:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/02 19:13:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/02 08:58:51 | 000,003,725 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/01 23:36:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:36:15 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:33:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 23:32:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/09/01 22:53:13 | 000,234,482 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/08/31 20:45:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/31 20:45:39 | 000,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/28 23:09:26 | 058,047,024 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/08/17 19:07:39 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/08/09 22:16:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/09 22:16:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 19:19:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/19 19:19:45 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/19 19:18:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/02 12:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/28 23:32:48 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/06/28 21:31:20 | 000,525,680 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:31:20 | 000,457,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/28 21:31:20 | 000,078,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/28 20:43:59 | 000,039,352 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/15 13:57:31 | 000,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/09/07 09:30:47 | 001,188,006 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\tdsskiller.zip
[2010/09/06 19:24:50 | 000,174,080 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Doc1.doc
[2010/09/06 18:34:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/06 18:34:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/06 18:29:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 18:29:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/06 18:29:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/06 18:29:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/06 18:29:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 18:08:43 | 003,839,076 | R--- | C] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/09/02 09:44:15 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/09/02 09:44:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/09/02 09:25:52 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/09/02 09:25:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/09/02 09:19:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/09/02 09:12:08 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/09/02 09:12:01 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/09/02 09:11:54 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/09/02 09:11:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/09/02 09:11:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/09/02 09:07:06 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/09/02 09:07:04 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/09/02 09:07:03 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/09/02 09:02:43 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/09/02 09:02:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/09/02 09:02:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/09/02 09:02:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/09/02 09:02:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/09/02 09:02:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/09/02 09:02:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/09/02 09:02:27 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/09/02 00:35:28 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/01 23:36:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:33:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 22:53:13 | 000,234,482 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/08/28 23:02:32 | 058,047,024 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/07/29 09:05:27 | 000,667,718 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Image013.jpg
[2010/06/28 23:25:53 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/01/10 18:09:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/01/10 18:09:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/01/10 18:09:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/01/10 18:09:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/07/20 19:06:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/04/20 14:44:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/20 14:44:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/20 14:44:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/04/20 14:44:53 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/20 14:44:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/18 22:39:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/23 00:03:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2006/04/06 12:23:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/06 12:23:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/12/14 11:21:11 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2005/12/14 11:21:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2005/10/15 20:24:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\fusioncache.dat
[2005/08/25 14:52:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/08/09 23:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 23:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/29 11:56:05 | 000,000,968 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/07/11 23:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/07/01 12:22:49 | 000,000,814 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/29 14:51:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/28 13:39:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2005/06/28 12:06:49 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 12:40:27 | 000,008,988 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/22 23:41:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/06/22 23:28:17 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/22 19:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/23 01:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2006/04/23 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.ABC
[2010/01/11 15:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\AnvSoft
[2010/01/11 16:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Azureus
[2009/08/30 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2005/11/14 23:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Cakewalk
[2010/08/08 00:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Canon
[2007/05/10 19:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DataLayer
[2008/08/17 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Grisoft
[2007/05/03 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\iScreensaver
[2007/09/02 13:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Leadertech
[2009/11/02 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\LimeWire
[2009/08/27 21:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Nokia
[2009/08/27 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\PC Suite
[2006/03/09 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Template
[2010/03/22 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Trusteer
[2010/05/29 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Uniblue
[2005/06/28 10:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\WholeSecurity
[2007/02/03 20:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/02/16 23:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/14 23:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/01/18 21:16:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 00:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/02/06 17:49:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/02/11 00:42:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2009/01/18 21:25:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/08/08 00:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/06/09 13:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/01/18 21:26:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2008/05/03 12:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/08/17 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/25 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/08/25 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/08/27 21:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/08/25 23:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/17 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/22 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/10/29 12:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/08/23 14:59:27 | 000,148,084 | ---- | M] () -- C:\AUTO.pat
[2005/08/23 14:59:27 | 000,064,632 | ---- | M] () -- C:\AUTO.pst
[2005/06/22 14:20:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/31 20:45:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/06 18:34:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/06 19:40:08 | 000,020,759 | ---- | M] () -- C:\ComboFix.txt
[2005/06/22 14:20:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/06/22 14:20:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/22 14:20:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/19 19:04:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 00:12:42 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/09/01 18:54:07 | 000,011,315 | ---- | M] () -- C:\resetlog.txt
[2009/07/20 19:06:30 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
[2006/11/20 23:15:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/11/21 00:08:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/11/21 22:08:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2006/11/21 22:20:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2006/12/20 21:28:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/11/19 20:04:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/12/23 22:35:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/01/17 21:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2006/11/20 23:15:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/11/21 00:08:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/11/21 22:08:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2006/11/21 22:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2006/12/20 21:28:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/11/19 20:04:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/12/23 22:35:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/01/17 21:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/09/07 09:33:28 | 000,042,588 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_07.09.2010_09.32.13_log.txt

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/06/22 14:20:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/21 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9C.DLL
[2008/04/21 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9C.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/07/29 12:01:24 | 003,446,944 | ---- | M] () -- C:\WINDOWS\dolphin adoption.SCR
[2005/07/29 12:24:20 | 003,703,151 | ---- | M] () -- C:\WINDOWS\Panda adoption.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/02/21 14:11:02 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/06/22 15:06:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/22 15:06:48 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/22 15:06:48 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/19 19:18:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/06/22 14:45:20 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/06/22 14:45:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/06 18:08:43 | 003,839,076 | R--- | M] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/09/01 23:32:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:36:15 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/02 19:13:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2005/06/22 15:27:29 | 006,841,800 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Adam\My Documents\R86360.EXE

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/06/22 14:45:19 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Adam\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/02/13 14:20:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\ntuser.tmp.LOG

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/06 21:30:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Adam\Cookies\desktop.ini
[2010/09/07 10:02:56 | 000,131,072 | -HS- | M] () -- C:\Documents and Settings\Adam\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B088B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#11 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 07 September 2010 - 05:36 AM

»Firstly..«
It looks like you have three Anti-viruses here: AVG, A-Squared and a damaged Norton install. You only want one or you'll get performance problems. I'd uninstall 2 of them.

If you have problems uninstalling Norton:

» Remove Norton «

Download Norton Removal Tool to your desktop
Double-click and run (Vista or Windows 7, right-click and select 'run as administrator)

»Next..«
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Processes 


:Services


:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

:Commands
[purity]
[emptytemp]

[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#12 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 11 September 2010 - 12:11 PM

Hello again!

Here's the latest OTL log.

Thanks.

OTL logfile created on: 11/09/2010 18:58:13 - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Adam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 6.79 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Adam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (a2free) -- c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\System32\drivers\NSDriver.sys File not found
DRV - (adiusbaw) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys File not found
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\System32\Drivers\adildr.sys File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BELKIN) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (NBXG7031) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thehunger....faces?siteId=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/20 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/12 22:25:23 | 000,000,000 | ---D | M]

[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2009/11/02 01:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/09/06 18:50:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab (first direct internet banking plus digital safe)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by124w.bay124...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase3401.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1122373160281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequire...etect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.zumyn.com...geUploader4.cab (Image Uploader Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,148,084 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2005/08/23 14:59:27 | 000,064,632 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2005/06/22 14:20:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 18:51:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/11 18:50:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/11 18:40:16 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Adam\Desktop\Norton_Removal_Tool.exe
[2010/09/07 09:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\tdsskiller
[2010/09/06 18:34:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/06 18:29:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/06 18:29:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/06 18:29:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/06 18:29:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/06 18:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/03 00:57:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adam\Recent
[2010/09/02 19:13:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 09:44:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/09/02 09:44:16 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/09/02 09:43:48 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/09/02 09:43:37 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/09/02 09:42:54 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/09/02 09:42:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/09/02 09:42:35 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/09/02 09:42:05 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/09/02 09:41:46 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/09/02 09:41:40 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/09/02 09:41:35 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/09/02 09:41:28 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/09/02 09:41:22 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/09/02 09:41:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/09/02 09:41:09 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/09/02 09:40:47 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/09/02 09:40:21 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/09/02 09:40:14 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/09/02 09:40:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/09/02 09:40:01 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/09/02 09:39:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/09/02 09:39:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/09/02 09:38:59 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/09/02 09:38:21 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/09/02 09:38:15 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/09/02 09:38:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/09/02 09:38:04 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/09/02 09:37:59 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/09/02 09:37:52 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/09/02 09:37:02 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/09/02 09:36:53 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/09/02 09:36:46 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/09/02 09:36:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/09/02 09:36:39 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/09/02 09:36:33 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/09/02 09:36:15 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/09/02 09:36:10 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/09/02 09:34:56 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/09/02 09:34:48 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/09/02 09:34:45 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/09/02 09:34:39 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/09/02 09:34:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/09/02 09:33:59 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/09/02 09:33:11 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/09/02 09:33:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/09/02 09:32:59 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/09/02 09:32:53 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/09/02 09:32:48 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/09/02 09:31:56 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/09/02 09:31:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/09/02 09:31:45 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/09/02 09:31:32 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/09/02 09:30:37 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/09/02 09:30:29 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/09/02 09:30:18 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/09/02 09:30:15 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/09/02 09:29:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/09/02 09:29:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/09/02 09:29:22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/09/02 09:28:59 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/09/02 09:28:54 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/09/02 09:28:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/09/02 09:28:44 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/09/02 09:28:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/09/02 09:28:35 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/09/02 09:28:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/09/02 09:28:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/09/02 09:28:21 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/09/02 09:28:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/09/02 09:28:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/09/02 09:28:04 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/09/02 09:28:02 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/09/02 09:27:59 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/09/02 09:27:54 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/09/02 09:27:40 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/09/02 09:27:31 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/09/02 09:27:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/09/02 09:27:16 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/09/02 09:26:58 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/09/02 09:26:53 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/09/02 09:26:10 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/09/02 09:26:05 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/09/02 09:26:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/09/02 09:25:42 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/09/02 09:24:28 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/09/02 09:24:24 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/09/02 09:24:05 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/09/02 09:24:03 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/09/02 09:23:59 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/09/02 09:22:59 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/09/02 09:22:55 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/09/02 09:22:50 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/09/02 09:22:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/09/02 09:22:13 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/09/02 09:21:55 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/09/02 09:21:51 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/09/02 09:21:45 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/09/02 09:21:44 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/09/02 09:21:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/09/02 09:21:28 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/09/02 09:21:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/09/02 09:21:12 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/09/02 09:21:08 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/09/02 09:21:03 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/09/02 09:20:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/09/02 09:20:54 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/09/02 09:20:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/09/02 09:20:34 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/09/02 09:20:31 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/09/02 09:20:24 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/09/02 09:20:20 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/09/02 09:20:14 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/09/02 09:19:06 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/09/02 09:18:17 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/09/02 09:17:42 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/09/02 09:17:40 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/09/02 09:17:35 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/09/02 09:17:32 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/09/02 09:17:31 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/09/02 09:17:25 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/09/02 09:17:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/09/02 09:17:14 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/09/02 09:17:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/09/02 09:17:06 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/09/02 09:16:58 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/09/02 09:16:54 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/09/02 09:16:03 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/09/02 09:15:51 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/09/02 09:15:06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/09/02 09:12:11 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/09/02 09:11:57 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/09/02 09:11:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/09/02 09:11:16 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/09/02 09:11:13 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/09/02 09:10:51 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/09/02 09:10:33 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/09/02 09:10:27 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/09/02 09:10:23 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/09/02 09:10:18 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/09/02 09:10:16 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/09/02 09:10:14 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/09/02 09:09:53 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/09/02 09:09:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/09/02 09:09:44 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/09/02 09:09:05 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/09/02 09:07:36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/09/02 09:07:26 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/09/02 09:07:12 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/09/02 09:07:10 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/09/02 09:07:08 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/09/02 09:07:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/09/02 09:06:59 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/09/02 09:06:57 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/09/02 09:06:56 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/09/02 09:06:53 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/09/02 09:06:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/09/02 09:06:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/09/02 09:06:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/09/02 09:05:42 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/09/02 09:05:40 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/09/02 09:05:37 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/09/02 09:05:36 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/09/02 09:05:34 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/09/02 09:05:33 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/09/02 09:05:29 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/09/02 09:05:27 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/09/02 09:05:12 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/09/02 09:05:11 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/09/02 09:04:57 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/09/02 09:04:47 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/09/02 09:04:39 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/09/02 09:04:38 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/09/02 09:04:37 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/09/02 09:04:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/09/02 09:04:35 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/09/02 09:04:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/09/02 09:04:32 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/09/02 09:04:31 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/09/02 09:04:29 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/09/02 09:04:25 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/09/02 09:04:24 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/09/02 09:03:41 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/09/02 09:03:39 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/09/02 09:03:37 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/09/02 09:03:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/09/02 09:03:35 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/09/02 09:03:35 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/09/02 09:03:34 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/09/02 09:03:33 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/09/02 09:03:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/09/02 09:03:28 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/09/02 09:03:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/09/02 09:03:26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/09/02 09:03:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/09/02 09:03:25 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/09/02 09:03:21 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/09/02 09:03:19 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/09/02 09:03:19 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/09/02 09:03:18 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/09/02 09:03:10 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/09/02 09:03:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/09/02 09:03:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/09/02 09:03:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/09/02 09:03:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/09/02 09:03:01 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/09/02 09:02:56 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/09/02 09:02:55 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/09/02 09:02:21 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/09/02 09:02:20 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/09/02 09:02:15 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/09/02 08:47:14 | 000,000,000 | ---D | C] -- C:\I386
[2010/09/02 08:44:36 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/09/02 08:44:36 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/09/02 08:44:35 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/09/02 08:44:35 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/09/02 08:44:34 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/09/02 08:44:34 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/09/02 08:44:32 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/09/02 08:44:31 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/09/02 08:44:30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/09/02 08:44:29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/09/02 08:44:28 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/09/02 08:44:27 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/09/02 08:44:27 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/09/02 00:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\gmer
[2010/09/01 23:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2010/09/01 23:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 23:36:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/01 23:36:15 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/01 23:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/01 23:32:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/08/17 19:07:39 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/19 19:19:45 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/09/11 19:00:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 19:00:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 18:54:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 18:54:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/11 18:53:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 18:53:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 18:52:44 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\Adam\ntuser.dat
[2010/09/11 18:52:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Adam\ntuser.ini
[2010/09/11 18:40:27 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Adam\Desktop\Norton_Removal_Tool.exe
[2010/09/11 18:39:44 | 064,526,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 09:31:03 | 001,188,006 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\tdsskiller.zip
[2010/09/06 19:35:23 | 000,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/06 19:24:50 | 000,174,080 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Doc1.doc
[2010/09/06 19:23:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/06 18:50:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/06 18:34:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/06 18:08:43 | 003,839,076 | R--- | M] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/09/06 12:42:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/02 19:13:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\OTL.exe
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/02 08:59:16 | 000,017,130 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/02 08:58:51 | 000,003,725 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/01 23:36:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:36:15 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adam\Desktop\mbam-setup.exe
[2010/09/01 23:33:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 23:32:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Adam\Desktop\erunt-setup.exe
[2010/09/01 23:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam\Desktop\TFC.exe
[2010/09/01 22:53:13 | 000,234,482 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/08/31 20:45:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/31 20:45:39 | 000,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/28 23:09:26 | 058,047,024 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/08/17 19:07:39 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/08/09 22:16:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/09 22:16:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 19:19:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/19 19:19:45 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/19 19:18:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/02 12:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/28 23:32:48 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/06/28 21:31:20 | 000,525,680 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:31:20 | 000,457,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/28 21:31:20 | 000,078,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/28 20:43:59 | 000,039,352 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/15 13:57:31 | 000,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/09/07 09:30:47 | 001,188,006 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\tdsskiller.zip
[2010/09/06 19:24:50 | 000,174,080 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Doc1.doc
[2010/09/06 18:34:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/06 18:34:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/06 18:29:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 18:29:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/06 18:29:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/06 18:29:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/06 18:29:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 18:08:43 | 003,839,076 | R--- | C] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/09/02 09:44:15 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/09/02 09:44:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/09/02 09:25:52 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/09/02 09:25:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/09/02 09:19:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/09/02 09:12:08 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/09/02 09:12:01 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/09/02 09:11:54 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/09/02 09:11:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/09/02 09:11:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/09/02 09:07:06 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/09/02 09:07:04 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/09/02 09:07:03 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/09/02 09:02:43 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/09/02 09:02:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/09/02 09:02:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/09/02 09:02:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/09/02 09:02:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/09/02 09:02:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/09/02 09:02:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/09/02 09:02:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/09/02 09:02:27 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/09/02 00:35:28 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gmer.zip
[2010/09/01 23:36:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 23:33:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\NTREGOPT.lnk
[2010/09/01 23:33:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\ERUNT.lnk
[2010/09/01 22:53:13 | 000,234,482 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\screen.jpg
[2010/09/01 20:41:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\housecall.guid.cache
[2010/08/28 23:02:32 | 058,047,024 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Aerosmith Live at London o2 2010 - Sweet Emotion (HD).flv
[2010/07/29 09:05:27 | 000,667,718 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Image013.jpg
[2010/06/28 23:25:53 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\CCP0610.doc
[2010/01/10 18:09:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/01/10 18:09:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/01/10 18:09:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/01/10 18:09:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/07/20 19:06:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/04/20 14:44:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/20 14:44:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/20 14:44:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/04/20 14:44:53 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/20 14:44:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/18 22:39:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/23 00:03:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2006/04/06 12:23:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/06 12:23:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/12/14 11:21:11 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2005/12/14 11:21:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2005/10/15 20:24:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\fusioncache.dat
[2005/08/25 14:52:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/08/09 23:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 23:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/29 11:56:05 | 000,000,968 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/07/11 23:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/07/01 12:22:49 | 000,000,814 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/29 14:51:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/28 13:39:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2005/06/28 12:06:49 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 12:40:27 | 000,008,988 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/22 23:41:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/06/22 23:28:17 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/22 19:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/23 01:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2006/04/23 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.ABC
[2010/01/11 15:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\AnvSoft
[2010/01/11 16:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Azureus
[2009/08/30 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2005/11/14 23:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Cakewalk
[2010/08/08 00:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Canon
[2007/05/10 19:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DataLayer
[2008/08/17 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Grisoft
[2007/05/03 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\iScreensaver
[2007/09/02 13:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Leadertech
[2009/11/02 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\LimeWire
[2009/08/27 21:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Nokia
[2009/08/27 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\PC Suite
[2006/03/09 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Template
[2010/03/22 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Trusteer
[2010/05/29 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Uniblue
[2005/06/28 10:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\WholeSecurity
[2007/02/03 20:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/02/16 23:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/14 23:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/01/18 21:16:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 00:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/02/06 17:49:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/02/11 00:42:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2009/01/18 21:25:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/08/08 00:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/06/09 13:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/01/18 21:26:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2008/05/03 12:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/08/17 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/25 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/08/25 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/08/27 21:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/08/25 23:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/17 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/22 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/10/29 12:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B088B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#13 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 12 September 2010 - 09:11 AM

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Download GMER Rootkit Scanner. Note the files name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

#14 Canary

Group: Member
Posts: 130
Joined: 01-September 10

Posted 12 September 2010 - 02:43 PM

Hi again.

I've had this problem throughout this process . . . GMER causes my computer to crash.

I have, however, managed to get this data from the first part of the scan. Is this of any use to you?

(In the meantime, I will continue to run the scan to see if it can actually complete it.)

Thanks.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 21:30:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Adam\LOCALS~1\Temp\uxtdapow.sys

---- User code sections - GMER 1.0.15 ----

.text c:\program files\a-squared free\a2service.exe[1140] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D c:\program files\a-squared free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@CategoryCount 9
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security@TypesSupported 28
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Channel 5120
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Device 4352
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Event 4384
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@File 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Job 5136
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Key 4432
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Port 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Process 4480
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Section 4512
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Token 4592
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Type 4608
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912

#15 azarl

Group: GeekU Moderator
Posts: 15,492
Joined: 07-April 08

Posted 12 September 2010 - 03:59 PM

That's why we're running deffoger - to try and get GMER to run

Back to Virus, Spyware, Malware Removal

Share this topic:

4 Pages
1
2
3
→
Last »

Please log in to reply

Various problems - Geeks to Go Forums