Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Win32.Generic!BT froze computer


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Sometimes the anti-virus notification gets stuck in Windows and CF will complain. We can remove the notification easily enough but let's wait until next time we run cfscript.

I do see something that is interesting in the logs. Intelppm is trying to load. I found an MS site that claims it should not be loading after SP2. We can try turning it off:

Start, All Programs, Accessories, Command prompt then type with an Enter after the line:
sc  config  Intelppm  start=  disabled

Then try and reboot into regular mode.
If that doesn't work then:

Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
D3DCompiler_43.dll
d3dx9_43.dll
FlashPlayerCPLApp.cpl
winsrv.dll
win32k.sys
msvcr80.dll
msvcp80.dll
msvcm80.dll
mozutils.dll
winhttp.dll
/md5stop
c:\program files\GFI Software\*.exe
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Can you install the free Avast in Safe Mode with Networking?

http://www.avast.com...ivirus-download

Download, Save, and Run

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron
  • 0

Advertisements


#17
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, disabled the Intelppm and tried restarting in normal mode but still freezing up. Ran the OTL scan in safe mode OK. Managed to install Avast but won't seem to manually update, just hangs on 'initializing, please wait'. Tried 3 times to boot scan and didn't appear to have done anything - just rebooted into normal mode after I hit 'restart computer' in Avast and loaded Windows as normal, freezing, although the Avast ball is in the bottom RH corner, no sign of a scan or log taking place?
Here's the OTL logs:

OTL logfile created on: 24/01/2012 16:30:14 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 780.35 Mb Available Physical Memory | 76.95% Memory free
2.38 Gb Paging File | 2.31 Gb Available in Paging File | 96.81% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.23 Gb Total Space | 59.23 Gb Free Space | 41.94% Space Free | Partition Type: NTFS

Computer Name: 107863980132 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2005/10/20 06:15:00 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/11/07 06:34:36 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/04/19 16:50:08 | 000,788,224 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/31 16:27:06 | 001,155,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2004/12/06 12:00:00 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/06 11:00:00 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/15 12:56:50 | 000,138,402 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glausb.sys -- (lanusb)
DRV - [2003/03/05 08:44:02 | 000,002,127 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MyPort.sys -- (MyPort)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 11:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 19:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/04/23 15:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/20 16:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lsc6gzkg.default\extensions
[2011/12/04 20:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 11:46:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 16:02:32 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/27 17:58:06 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/01/07 11:46:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/07 11:46:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/07 11:46:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/07 11:46:34 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/07 11:46:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/22 20:54:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{114F6ADA-835E-46A1-9436-8D201983FE5D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\DESKTOP.HTM
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "x10nets"
MsConfig - Services: "USBDeviceService"
MsConfig - Services: "UleadBurningHelper"
MsConfig - Services: "PassThru Service"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NMSAccessU"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "lxdd_device"
MsConfig - Services: "lxddCATSCustConnectService"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "ekrn"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 19:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/23 18:51:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/23 18:51:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/23 18:51:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/23 18:51:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/23 18:42:06 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\george.exe
[2012/01/21 21:08:36 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
[2012/01/21 21:04:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/01/21 21:04:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/01/21 21:01:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/21 21:00:49 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/01/21 21:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/01/21 18:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/01/21 18:04:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 17:31:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/21 17:23:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/21 11:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/01/21 10:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2012/01/21 08:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/20 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/20 18:40:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/01/20 15:37:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/18 19:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2011/12/29 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/29 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/29 06:28:01 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/12/29 06:28:01 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/12/29 06:28:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/12/29 06:28:01 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/12/29 06:28:01 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/12/29 06:28:01 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/29 06:28:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/12/29 06:28:01 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/12/29 06:28:00 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/12/29 06:28:00 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/12/29 06:28:00 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2009/12/29 06:27:59 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/12/29 06:27:59 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2009/12/29 06:27:59 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/12/29 06:27:59 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/24 16:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 16:25:15 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 19:00:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2012/01/23 18:43:11 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\george.exe
[2012/01/22 21:03:33 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/01/22 20:54:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/22 19:46:58 | 000,000,279 | RHS- | M] () -- C:\BOOT.INI
[2012/01/21 21:55:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/21 21:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 21:01:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/21 21:00:54 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/01/21 18:54:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005UA.job
[2012/01/21 18:54:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4025548750-2202908060-4122310945-1005Core.job
[2012/01/21 17:31:13 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Wireless Network Connection.lnk
[2012/01/21 11:26:56 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[2012/01/21 09:53:18 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 08:33:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/20 18:50:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/20 16:27:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 16:26:16 | 000,446,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/20 16:26:16 | 000,073,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/20 15:37:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/07 11:24:39 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2011/12/29 10:27:53 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/23 18:51:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/23 18:51:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/23 18:51:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/23 18:51:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/23 18:51:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/21 21:55:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/21 17:31:13 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Wireless Network Connection.lnk
[2012/01/20 16:27:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 10:27:53 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/08 21:48:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2011/11/09 18:36:49 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2011/11/07 10:04:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/05 19:04:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/25 07:41:01 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/08/25 07:40:50 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/08/25 07:40:41 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/08/25 07:40:30 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/08/25 07:40:09 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/08/25 07:40:03 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/08/25 07:39:56 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/08/25 07:37:40 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/08/25 07:37:27 | 000,243,064 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/08/25 07:37:27 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/22 21:07:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/22 21:04:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/09 05:28:21 | 000,090,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/29 06:29:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/12/29 06:29:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/12/29 06:29:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/12/29 06:29:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/12/29 06:29:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/12/29 06:28:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/29 06:28:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/29 06:28:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/12/27 11:02:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/18 09:34:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/12/09 19:10:48 | 000,005,021 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/12/08 17:56:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 22:57:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/12/06 20:46:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2009/12/01 11:20:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 10:18:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2009/12/01 10:18:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2009/12/01 10:18:54 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2009/12/01 10:17:56 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2009/12/01 10:17:56 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2009/12/01 10:17:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009/12/01 10:17:56 | 000,017,020 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2009/01/25 21:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 23:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/07 07:03:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/07 06:42:34 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/11/07 06:37:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/07 06:35:29 | 000,007,596 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/11/07 06:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/07 06:16:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006/11/07 06:16:08 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/03/23 14:24:10 | 000,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/06 11:00:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/09/10 15:50:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/10 15:32:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/10 15:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/10 15:22:38 | 000,376,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/10 14:57:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/10 14:57:27 | 000,446,418 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/10 14:57:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/10 14:57:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/10 14:57:26 | 000,073,744 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/10 14:57:25 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/10 14:57:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/10 14:57:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/10 14:57:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/10 14:57:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/10 14:57:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/10 14:56:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/05 08:44:00 | 000,002,127 | ---- | C] () -- C:\WINDOWS\System32\drivers\MyPort.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/07/15 16:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 16:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/01/21 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/01/21 10:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/01/21 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/04/23 11:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/01/21 21:40:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/04/23 15:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/26 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2012/01/21 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2009/11/26 23:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver


< MD5 for: D3DCOMPILER_43.DLL >
[2011/12/07 07:22:27 | 002,106,216 | ---- | M] (Microsoft Corporation) MD5=1C9B45E87528B8BB8CFA884EA0099A85 -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\d3dcompiler_43.dll
[2012/01/05 07:06:01 | 002,106,216 | ---- | M] (Microsoft Corporation) MD5=1C9B45E87528B8BB8CFA884EA0099A85 -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\d3dcompiler_43.dll
[2012/01/07 11:46:41 | 002,106,216 | ---- | M] (Microsoft Corporation) MD5=1C9B45E87528B8BB8CFA884EA0099A85 -- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
[2011/12/04 17:56:02 | 002,106,216 | ---- | M] (Microsoft Corporation) MD5=1C9B45E87528B8BB8CFA884EA0099A85 -- C:\WINDOWS\system32\D3DCompiler_43.dll

< MD5 for: D3DX9_43.DLL >
[2011/12/07 07:22:31 | 001,998,168 | ---- | M] (Microsoft Corporation) MD5=86E39E9161C3D930D93822F1563C280D -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\d3dx9_43.dll
[2012/01/05 07:06:01 | 001,998,168 | ---- | M] (Microsoft Corporation) MD5=86E39E9161C3D930D93822F1563C280D -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\d3dx9_43.dll
[2012/01/07 11:46:40 | 001,998,168 | ---- | M] (Microsoft Corporation) MD5=86E39E9161C3D930D93822F1563C280D -- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
[2011/12/04 17:56:02 | 001,998,168 | ---- | M] (Microsoft Corporation) MD5=86E39E9161C3D930D93822F1563C280D -- C:\WINDOWS\system32\d3dx9_43.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: FLASHPLAYERCPLAPP.CPL >
[2011/12/07 07:22:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) MD5=8F71A250C4A8257EE0CDA01F6791B3E9 -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\flashplayercplapp.cpl
[2012/01/05 07:06:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) MD5=8F71A250C4A8257EE0CDA01F6791B3E9 -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\flashplayercplapp.cpl
[2011/11/30 21:04:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) MD5=8F71A250C4A8257EE0CDA01F6791B3E9 -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

< MD5 for: MOZUTILS.DLL >
[2012/01/07 11:46:36 | 000,043,992 | ---- | M] (Mozilla Foundation) MD5=79EDFC335AEA6A3A7D4C1D20C3C9432A -- C:\Program Files\Mozilla Firefox\mozutils.dll

< MD5 for: MSVCM80.DLL >
[2008/07/25 11:17:20 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=1B94A16AB1B30F05DDEC9231AA50264C -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
[2011/05/14 00:11:32 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=1D109ED0D660654EA7FF1574558031C4 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
[2009/07/12 01:08:14 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=75F2A9B695EF3EF22D731F059920F636 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
[2012/01/07 11:46:36 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=CAE6861B19A2A7E5D42FEFC4DFDF5CCF -- C:\Program Files\Mozilla Firefox\msvcm80.dll
[2006/12/01 21:54:32 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=CAE6861B19A2A7E5D42FEFC4DFDF5CCF -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
[2007/02/09 15:03:52 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=CDCC63E967D64ECE3729246720AF4FCC -- C:\DRIVERS\printer\2500\applications\App4r\msvcm80.dll
[2007/02/09 15:03:52 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=CDCC63E967D64ECE3729246720AF4FCC -- C:\Program Files\Lexmark 2500 Series\msvcm80.dll
[2005/09/23 07:29:16 | 000,479,232 | ---- | M] (Microsoft Corporation) MD5=CDCC63E967D64ECE3729246720AF4FCC -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

< MD5 for: MSVCP80.DLL >
[2011/05/14 00:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) MD5=0B3595A4FF0B36D68E5FC67FD7D70FDC -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
[2007/02/09 15:03:54 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=2BC650257FB0867ABD54FD460EC2BAFC -- C:\DRIVERS\printer\2500\applications\App4r\msvcp80.dll
[2007/02/09 15:03:54 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=2BC650257FB0867ABD54FD460EC2BAFC -- C:\Program Files\Lexmark 2500 Series\msvcp80.dll
[2005/09/23 07:29:16 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=2BC650257FB0867ABD54FD460EC2BAFC -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
[2010/10/27 20:13:50 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=4C8A880EABC0B4D462CC4B2472116EA1 -- C:\Program Files\Last.fm\Microsoft.VC80.CRT\msvcp80.dll
[2012/01/07 11:46:36 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=4C8A880EABC0B4D462CC4B2472116EA1 -- C:\Program Files\Mozilla Firefox\msvcp80.dll
[2006/12/01 21:54:34 | 000,548,864 | ---- | M] (Microsoft Corporation) MD5=4C8A880EABC0B4D462CC4B2472116EA1 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
[2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) MD5=8C53CCD787C381CD535D8DCCA12584D8 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
[2008/07/25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=E1F3AB2CC3521E68F242FB4D60C52AE3 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

< MD5 for: MSVCR80.DLL >
[2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) MD5=1169436EE42F860C7DB37A4692B38F0E -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
[2007/02/09 15:03:54 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=16D7DDF3B659F7CF1CB9F4DCFF4219F0 -- C:\DRIVERS\printer\2500\applications\App4r\msvcr80.dll
[2011/01/12 20:48:34 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=16D7DDF3B659F7CF1CB9F4DCFF4219F0 -- C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\msvcr80.dll
[2007/02/09 15:03:54 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=16D7DDF3B659F7CF1CB9F4DCFF4219F0 -- C:\Program Files\Lexmark 2500 Series\msvcr80.dll
[2005/09/23 07:29:16 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=16D7DDF3B659F7CF1CB9F4DCFF4219F0 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
[2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) MD5=1C4D0F52B4238B9388F2A28DD0903588 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
[2011/05/14 00:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) MD5=C9564CF4976E7E96B4052737AA2492B4 -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
[2010/10/27 20:13:50 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=E4FECE18310E23B1D8FEE993E35E7A6F -- C:\Program Files\Last.fm\Microsoft.VC80.CRT\msvcr80.dll
[2012/01/07 11:46:36 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=E4FECE18310E23B1D8FEE993E35E7A6F -- C:\Program Files\Mozilla Firefox\msvcr80.dll
[2006/12/01 21:54:32 | 000,626,688 | ---- | M] (Microsoft Corporation) MD5=E4FECE18310E23B1D8FEE993E35E7A6F -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WIN32K.SYS >
[2009/08/14 12:19:41 | 001,850,112 | ---- | M] (Microsoft Corporation) MD5=1EFBC43B33B83FD7376E63A71830CC69 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2010/06/23 13:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) MD5=2F2D6B7515363E855EE44D88199ADD5F -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2010/12/31 13:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) MD5=4F404415E13DDC541CB34294D266B65C -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011/03/03 13:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) MD5=4F97E6BAAA847EA90EBBCD90A3FFA8E5 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2010/08/31 13:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2010/12/31 13:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2011/11/23 13:29:56 | 001,868,544 | ---- | M] (Microsoft Corporation) MD5=679592ECA1DAEBC7D912AFF21F68A682 -- C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys
[2009/08/14 13:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=716ED09D8D9A9E1E4A03549B32B68186 -- C:\WINDOWS\$hf_mig$\KB969947\SP3GDR\win32k.sys
[2009/08/14 13:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=716ED09D8D9A9E1E4A03549B32B68186 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2009/08/14 11:22:15 | 001,859,328 | ---- | M] (Microsoft Corporation) MD5=7428D506B9251429DA313D6AAE59188B -- C:\WINDOWS\$hf_mig$\KB969947\SP2QFE\win32k.sys
[2005/10/06 00:10:04 | 001,839,360 | ---- | M] (Microsoft Corporation) MD5=98D0393AEBA65F52FE5B66845C5F3A6A -- C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
[2011/11/23 13:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) MD5=A3952692FE63986981A54AEB7BCC39C8 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011/11/23 13:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) MD5=A3952692FE63986981A54AEB7BCC39C8 -- C:\WINDOWS\system32\win32k.sys
[2010/05/02 06:34:15 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010/08/31 13:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2005/10/06 00:05:59 | 001,839,488 | ---- | M] (Microsoft Corporation) MD5=AD247B4B1EB5FA17C73908CFAE001237 -- C:\WINDOWS\$NtUninstallKB969947_0$\win32k.sys
[2004/08/10 14:00:00 | 001,835,904 | ---- | M] (Microsoft Corporation) MD5=B74C69A810949E7A54DC688CAE662206 -- C:\WINDOWS\$NtUninstallKB890859$\win32k.sys
[2010/05/02 05:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) MD5=B9D41312F6D9FFA8D1D80488D9FDE849 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2011/06/02 14:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2011/09/06 13:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=BFE37C3B420D2CA00D83554182130D32 -- C:\WINDOWS\$NtUninstallKB2639417$\win32k.sys
[2010/06/24 02:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2011/09/06 13:25:11 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=C30AAF3B63F3BE3B515B50FB7292EA9F -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2011/03/03 13:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2005/03/02 01:06:57 | 001,836,288 | ---- | M] (Microsoft Corporation) MD5=D9228D813D601BA27AF486D4D167C83E -- C:\WINDOWS\$NtUninstallKB896424$\win32k.sys
[2008/04/13 19:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008/04/13 19:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/10/26 13:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) MD5=E40E572FD5DA970921A893B05FB217D9 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2011/06/02 14:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2010/10/26 13:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2009/08/14 12:19:38 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2005/03/02 01:11:25 | 001,836,160 | ---- | M] (Microsoft Corporation) MD5=F92DA2BB088A56B3A5FB8151E58F2964 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys

< MD5 for: WINHTTP.DLL >
[2009/08/25 09:27:30 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=2B2C6F3636BA79B0857FA7485AC29DF2 -- C:\WINDOWS\$hf_mig$\KB971737\SP3QFE\winhttp.dll
[2011/11/16 14:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=684559A03CBC1D05BA120A18B0D8BA5D -- C:\WINDOWS\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\sp3gdr\winhttp.dll
[2011/11/16 14:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=684559A03CBC1D05BA120A18B0D8BA5D -- C:\WINDOWS\system32\dllcache\winhttp.dll
[2008/12/16 12:36:34 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=70E80BC58EA85053B5FCDF3F93C7A59C -- C:\WINDOWS\$hf_mig$\KB960803\SP2QFE\winhttp.dll
[2008/12/16 12:22:36 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=86085D457C37D9991F756143188B2291 -- C:\WINDOWS\$hf_mig$\KB960803\SP3QFE\winhttp.dll
[2009/08/25 09:17:27 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=8C77ECF3C7DCBB926312B7ECED6ECA75 -- C:\WINDOWS\$NtUninstallKB2585542$\winhttp.dll
[2009/08/25 09:17:27 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=8C77ECF3C7DCBB926312B7ECED6ECA75 -- C:\WINDOWS\system32\winhttp.dll
[2011/11/16 14:20:51 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=D0A8A9FAD0A3ECC77D545498651C79EB -- C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
[2011/11/16 14:20:51 | 000,354,816 | ---- | M] (Microsoft Corporation) MD5=D0A8A9FAD0A3ECC77D545498651C79EB -- C:\WINDOWS\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\sp3qfe\winhttp.dll
[2008/04/14 00:12:08 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=D29F2889BAA10E19AD9FF70C8D5ECF50 -- C:\WINDOWS\$NtUninstallKB960803$\winhttp.dll
[2008/04/14 00:12:08 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=D29F2889BAA10E19AD9FF70C8D5ECF50 -- C:\WINDOWS\ServicePackFiles\i386\winhttp.dll
[2008/12/16 12:47:51 | 000,351,232 | ---- | M] (Microsoft Corporation) MD5=E5326C384CE33D47B8EFA715E8AC4284 -- C:\WINDOWS\$NtServicePackUninstall$\winhttp.dll
[2004/08/10 14:00:00 | 000,351,232 | ---- | M] (Microsoft Corporation) MD5=EA82A55F22654FBEDCBD82D2D4305B45 -- C:\WINDOWS\$NtUninstallKB960803_0$\winhttp.dll
[2008/12/16 12:30:34 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=F2BA72BA07CA78F4AA4AFDDD9C3AB792 -- C:\WINDOWS\$hf_mig$\KB960803\SP3GDR\winhttp.dll
[2008/12/16 12:30:34 | 000,354,304 | ---- | M] (Microsoft Corporation) MD5=F2BA72BA07CA78F4AA4AFDDD9C3AB792 -- C:\WINDOWS\$NtUninstallKB971737$\winhttp.dll

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSRV.DLL >
[2005/03/02 18:19:56 | 000,291,328 | ---- | M] (Microsoft Corporation) MD5=0F292F96B5967F31793C74007A0368AB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
[2008/04/14 00:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2008/04/14 00:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2005/09/01 01:41:54 | 000,291,840 | ---- | M] (Microsoft Corporation) MD5=31F2735965A8AD1EB56F774D703DDAF9 -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll
[2005/09/01 01:44:05 | 000,291,840 | ---- | M] (Microsoft Corporation) MD5=3642C99D14EC986DDE123C9D2846427D -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll
[2011/06/20 17:43:21 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=3C733ABE4F13206414F670F86C5F79D8 -- C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
[2010/06/18 17:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=42B5427FAC23BF6F1F31E466B7FEB084 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2004/08/10 14:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=442D0EAD5534E4ADCF6D4469043C82C0 -- C:\WINDOWS\$NtUninstallKB890859$\winsrv.dll
[2005/03/02 18:09:30 | 000,291,328 | ---- | M] (Microsoft Corporation) MD5=4C6A223A9E8571073EC033E4A06D0131 -- C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll
[2010/06/18 17:43:57 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=6DC05976FB5B8E1358EAC8BEDFD1FA47 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2011/11/25 21:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
[2011/11/25 21:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011/11/25 21:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
[2011/06/20 17:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=95CF3446911A6E25EE4086DF8A45B2AA -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll
[2011/11/25 21:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
[2011/11/25 21:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll
[2011/04/26 11:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll
[2011/04/26 11:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll

< c:\program files\GFI Software\*.exe >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/07 11:46:34 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/07 11:46:39 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >




OTL Extras logfile created on: 24/01/2012 16:30:14 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.11 Mb Total Physical Memory | 780.35 Mb Available Physical Memory | 76.95% Memory free
2.38 Gb Paging File | 2.31 Gb Available in Paging File | 96.81% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.23 Gb Total Space | 59.23 Gb Free Space | 41.94% Space Free | Partition Type: NTFS

Computer Name: 107863980132 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"25499:TCP" = 25499:TCP:*:Enabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\MediaMonkey\VisHelper.exe" = C:\Program Files\MediaMonkey\VisHelper.exe:*:Enabled:VisHelper -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.47 (March 12, 2011) version v2011.build.47
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F36964-39FD-414B-8ACD-647BF5BDB1EE}" = Radio Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64A57BC-40D6-47B1-A5FB-B52F52681294}" = Spectaculator 7.0.1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"ControlSkype 1.0_is1" = ControlSkype
"ControlSkype 1.4_is1" = ControlSkype
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader" = Foxit Reader
"G-Force" = G-Force
"HandBrake" = HandBrake 0.9.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Lexmark 2500 Series" = Lexmark 2500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.93
"Slawdog Smart Shutdown" = Slawdog Smart Shutdown
"Speccy" = Speccy
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.01
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VolumeLogic1" = Volume Logic Plug-in for iTunes (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware™
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/01/2012 15:12:45 | Computer Name = 107863980132 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 23/01/2012 15:20:56 | Computer Name = 107863980132 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ Application Events ]
Error - 23/01/2012 15:12:45 | Computer Name = 107863980132 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 23/01/2012 15:20:56 | Computer Name = 107863980132 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 23/01/2012 15:22:58 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/01/2012 15:23:40 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm

Error - 23/01/2012 15:27:49 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/01/2012 15:27:59 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/01/2012 15:29:58 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/01/2012 12:21:40 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/01/2012 12:22:48 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm

Error - 24/01/2012 12:24:00 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/01/2012 12:28:14 | Computer Name = 107863980132 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/01/2012 12:29:28 | Computer Name = 107863980132 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips


< End of report >



Thanks once again!
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Try doing a manual Avast update:

http://www.avast.com/download-update

Download and save the file (avast! 5 & 6 series VPS update, size 31MB) then run it. See if it is happier then.

What make and mode number is this PC?
  • 0

#19
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
When I ran the above, we got a message saying the definitions were already up to date. It might be irrelevant but the Avast ball has a small red cross, indicating the system is unsecured, if I try and turn on protection nothing happens and it remains unsecured
  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
What make and model number is this PC?
  • 0

#21
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Oh sorry, I forgot! It's a packard bell easynote gn45 skype edition
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Download, save and run the intel chipset program:

ftp://ftp.download.packardbell.com/NOTEBOOK/EasyNote%20GN45%20series/Driver/XP/intel_chipset_1013.exe

Other drivers for your PC are on ftp://ftp.download.packardbell.com/NOTEBOOK/EasyNote%20GN45%20series/Driver/XP/
  • 0

#23
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok, I've installed the chipset driver and tried a reboot into normal mode, but it's still struggling. Should I go through the rest of the drivers too?
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Wouldn't hurt.
  • 0

#25
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok Ron, I updated these drivers, thanks for that. Again it may be a total red herring but on the OTL log, authorized applications list there's a few references to Ubisoft and Splinter Cell. This isn't something I ever recall even playing, never mind installing. Not much of a gamer at all really. Possibly rubbish but see what you think.
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
  • 0

#27
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Ron, I tried running this as Admin, but got the message that the service couldn't be started in Safe Mode, then tried running as current user (107863980132/Administrator) and got "A device attached to the system is not functioning". I ran it just by left-clicking and have attached the .arn file.

Attached Files


  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Run autoruns again. Once it finishes the scan scroll down in the Everything section and find and uncheck:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components

See if you can now reboot into regular mode.
  • 0

#29
Dr_hfuhruhurr

Dr_hfuhruhurr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi, no joy with this I'm afraid, just to check though, I unchecked the two entries then just exited autoruns and rebooted? It still froze up when I tried it in normal mode
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Go back into Autoruns and uncheck:

"eamon" "Eset file on-access scanner" "ESET" "c:\windows\system32\drivers\eamon.sys"
+ "ehdrv" "Eset Helper driver" "ESET" "c:\windows\system32\drivers\ehdrv.sys"
+ "epfwtdir" "EPFW Filter Driver" "ESET" "c:\windows\system32\drivers\epfwtdir.sys"

These are from ESET so we don't want them running.

Not sure you have this but try it:

Click Start, and then click Run.
In the Open box, type msinfo32, and then click OK.
Look for problem devices or device conflicts. To do so:

In the console tree, expand Components, and then click Problem Devices.

Note any devices that are listed in the right pane.
In the console tree, expand Hardware Resources, and then click Conflicts/Sharing.

Note any resource conflicts that are listed in the right pane.



Right click on My Computer and select Manage then Device Manager. Try Right clicking on anything you don't absolutely need and Disable it. (Don't touch Computer, DiskDrives, anything with IDE, Human Interface Devices, Keyboard, Mice, Monitor, System Devices, Processor.) then reboot and see if you can get into regular mode. IF that helps then undisable a few and try again until you locate the culprit.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP