
win32 trojan and others [Solved]



#1
archie10

What is happening:
BIOS are shadowed.
When certain drivers are installed I get an error message that the update failed
because the memory could not be written to.

Things I have done:
About 3 months ago I was playing a game on my comp from one of my old backup disks.
There was a pop and a smell and an immediate shutdown.
Rebooted the computer and it came up in safe mode. At this point I yanked the comp out from
under the desk and discovered my power supply fan had failed. Cleaned and lubed it and
ordered a replacement.
Well, I thought I got it (wrong).
Comp didn't have its old zing, was slower than the seven year itch.
I figured that the power supply on its demise took something out on the motherboard.
Found a reman because the comp comes from back in 2004 (early Pleistocene in comp years).
Replaced the motherboard, and since it had newer BIOS I thought great.
Yeah, had all the stuff I needed and more. First boot, BIOS not shadowed.
Second boot, BIOS shadowed and immediate slowdown.
Replaced the RAM next. Nope, still haven't got it.
Last shot, replaced the hard drive, cloned it from the old one.

What doesn't work:
cool and quiet
memory controller
any driver update for the processor or video card
any driver update, Windows Explorer exits with mem can't be written to error
and also have a hidden fax window with the same error (don't even have a fax on board)
print spooler has a headache as well
virus software
Microsoft essentials
and Immunet, let both do full scans and swatted results
Defragged the hard drive and did a boot time defrag to defragment the page file.
Virus list:
m32 trojan C:\\ program files\mirosoft shared\temp\ mso service.exe
dialer tpd C:\\ program files\ online services\people pc\dialer\dialer.exe
w32 suspicious C:\\program files\ online services\people pc\system\ ras wait.exe

OTL logfile created on: 3/21/2012 12:33:16 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.81% Memory free
4.85 Gb Paging File | 3.94 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.63 Gb Total Space | 44.81 Gb Free Space | 40.14% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.76 Gb Free Space | 14.55% Space Free | Partition Type: FAT32
Drive K: | 74.53 Gb Total Space | 48.11 Gb Free Space | 64.56% Space Free | Partition Type: NTFS
Drive P: | 115.99 Gb Total Space | 79.26 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 00:59:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
PRC - [2012/03/17 07:24:51 | 002,637,088 | ---- | M] (Immunet) -- C:\Program Files\Immunet\3.0.5\iptray.exe
PRC - [2012/03/17 07:24:51 | 000,797,096 | ---- | M] (Sourcefire, Inc.) -- C:\Program Files\Immunet\3.0.5\agent.exe
PRC - [2012/03/10 19:01:49 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/06/16 07:33:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 20:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/01 20:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/10/14 00:59:19 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2010/10/01 23:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/24 16:08:46 | 000,385,024 | ---- | M] (Askarya Technologies) -- C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
PRC - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () -- C:\Program Files\1st Evidence Remover\erasrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 07:24:53 | 000,357,664 | ---- | M] () -- C:\Program Files\Immunet\3.0.5\dhr.dll
MOD - [2012/03/17 07:24:53 | 000,302,368 | ---- | M] () -- C:\Program Files\Immunet\3.0.5\dsp.dll
MOD - [2012/02/23 23:11:49 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/13 12:07:30 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko11.dll
MOD - [2012/02/13 12:07:30 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko10.dll
MOD - [2012/02/13 12:07:30 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko6.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko9.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko8.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko7.dll
MOD - [2012/02/13 12:07:30 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko5.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/16 07:33:44 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/08 10:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/06/03 00:48:08 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/06/03 00:48:04 | 002,308,200 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2006/05/17 06:33:42 | 000,077,824 | ---- | M] () -- C:\Program Files\Askarya\Taskbar Manager\SHLoader.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/10/03 22:06:00 | 000,049,152 | ---- | M] () -- C:\Program Files\Askarya\Taskbar Manager\keyhandler.dll
MOD - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () -- C:\Program Files\1st Evidence Remover\erasrv.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2012/03/17 07:24:56 | 000,327,680 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Immunet\tetra\scan.dll -- (scan)
SRV - [2012/03/17 07:24:51 | 000,797,096 | ---- | M] (Sourcefire, Inc.) [Auto | Running] -- C:\Program Files\Immunet\3.0.5\agent.exe -- (ImmunetProtect)
SRV - [2012/03/10 19:01:49 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/01/19 00:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/10/14 00:59:19 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010/10/01 23:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () [Auto | Running] -- C:\Program Files\1st Evidence Remover\erasrv.exe -- (EraserThread)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a91c0k06)
DRV - [2012/03/17 07:24:55 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/03/17 07:24:55 | 000,051,104 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2012/03/17 07:24:55 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2012/03/10 19:01:57 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/03/10 19:01:27 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2012/03/10 19:01:22 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/03/10 19:00:55 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/10 19:58:02 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/06/06 23:30:58 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/02/19 16:45:45 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/22 12:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/12/20 18:40:34 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SysTool.sys -- (SysTool)
DRV - [2006/07/07 16:41:48 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/07/01 22:56:04 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/23 11:52:38 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra)
DRV - [2006/04/17 16:57:33 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2006/02/14 16:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2006/01/12 09:01:52 | 000,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/12/11 12:41:24 | 000,020,608 | ---- | M] (Jacal Consulting) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/06 17:14:24 | 000,048,128 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid.sys -- (SiSRaid)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/05 18:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 18:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 13:57:26 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://www.skip-sear...cfg=2-82-0-icDH

IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-03-16 06:51:17&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.2.3: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/06/16 07:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/16 07:33:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 20:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/12 22:24:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 20:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\WINDOWS\vf_hip\ [2008/07/09 00:41:48 | 000,000,000 | ---D | M]

[2010/09/14 00:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/09/14 00:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/17 06:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions
[2011/12/16 01:13:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/02/14 03:57:26 | 000,000,000 | ---D | M] (ArchiBar Community Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2011/02/05 09:18:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/30 07:51:02 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2012/03/03 05:54:14 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/06/16 07:29:23 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/07/21 02:49:02 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}(2)
[2010/09/08 01:41:34 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012/03/03 05:46:04 | 000,000,000 | ---D | M] (TheBflix) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\[email protected]
[2011/03/13 01:39:53 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\[email protected]
[2012/02/18 23:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 23:32:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 01:09:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 08:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 01:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 02:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/06 01:10:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/18 23:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{EF62E1CE-D2A4-4CDD-B7EC-92B120366B66}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{F0B6E3F9-ECD1-40B6-A25F-5C3FF68FB079}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{FCE36C1E-58D8-498A-B2A5-66AD1CEDEBBB}
[2011/06/16 07:33:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/17 04:55:00 | 000,061,440 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\mozilla firefox\components\DAPFireFox.dll
[2006/05/31 18:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Program Files\mozilla firefox\plugins\npalnn.dll
[2012/02/18 23:19:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/06/16 12:16:04 | 000,205,312 | ---- | M] (NETDIMENSION CORPORATION) -- C:\Program Files\mozilla firefox\plugins\NPMXENG.DLL
[2011/06/16 07:33:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/03/19 00:35:13 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Anonymizer Proxy) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConeal\Anonymity Shield\ProxyNew.dll (Anonymizer Software)
O2 - BHO: (TheBflix Class) - {253797F5-9A48-4BE8-A22F-86A8A799F780} - C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll (www.flashget.com)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL (FUJITSU LIMITED)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [00ERSRRRNKY] C:\Program Files\1st Evidence Remover\eraser.exe ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe (inKline Global Inc.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Taskbar Manager.lnk = C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe (Askarya Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Mn@iboddPubswLfov = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Mn@mlrf = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MnOndNeg = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MnQtm = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Ghp`amfUbrhLds = 0
O8 - Extra context menu item: &FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V13\atlscript.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V13\AtlscriptEdit.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download Link Using Mega Manager... - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with &FileFactory Turbo - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with GetRight Pro - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with GetRight Pro Browser - Reg Error: Value error. File not found
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V13\atlscript.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196729615484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1145191418640 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} http://online.invoke...iveCompTest.ocx (Reg Error: Key error.)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://online.invoke...7207/MILive.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C76EFFC-52BF-410A-8A3A-8E4C314FB5B6}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/16 10:27:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 00:59:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
[2012/03/19 11:48:49 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/03/18 08:45:26 | 000,042,496 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2012/03/18 07:15:12 | 000,012,184 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2012/03/18 07:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2012/03/18 07:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/18 07:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2012/03/18 07:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012/03/18 07:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech
[2012/03/18 07:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logishrd
[2012/03/18 07:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2012/03/18 07:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/18 06:18:52 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\WINDOWS\System32\agrsmdel.exe
[2012/03/18 06:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/03/18 06:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2012/03/18 06:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/03/18 06:16:51 | 000,090,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2012/03/18 06:16:49 | 010,458,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2012/03/18 06:16:46 | 000,307,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2012/03/18 06:16:46 | 000,212,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2012/03/18 06:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/03/18 06:13:56 | 000,017,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys
[2012/03/18 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Easeware
[2012/03/18 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverNavigator
[2012/03/18 05:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/03/18 04:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiS RAID Utility
[2012/03/18 04:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Silicon Integrated Systems
[2012/03/18 03:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/18 03:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/18 03:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/18 02:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Device Doctor
[2012/03/18 02:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Device Doctor
[2012/03/18 02:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor
[2012/03/18 01:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/03/18 01:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimComputer
[2012/03/18 01:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\SlimComputer
[2012/03/18 01:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/03/18 01:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/03/18 00:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\SlimWare Utilities Inc
[2012/03/18 00:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/03/18 00:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\e frontier
[2012/03/17 07:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Immunet
[2012/03/17 07:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2012/03/17 07:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Immunet 3.0
[2012/03/17 07:25:04 | 000,034,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2012/03/17 07:25:03 | 000,051,104 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2012/03/17 07:24:57 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2012/03/17 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2012/03/17 06:50:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/03/17 06:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/16 21:31:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Acronis
[2012/03/16 08:19:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/16 07:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG
[2012/03/16 06:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/16 05:18:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/16 05:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/10 20:04:09 | 002,073,440 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2012/03/10 19:01:57 | 000,167,968 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012/03/10 19:01:27 | 000,752,128 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2012/03/10 19:01:16 | 000,600,928 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/03/10 19:00:55 | 000,170,528 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/03/10 18:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/03/10 18:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/03/10 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Acronis
[2012/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/03/10 10:22:23 | 000,000,000 | ---D | C] -- C:\VProRecovery
[2012/03/06 05:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DOSBox
[2012/03/06 05:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2012/03/06 05:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2012/03/06 05:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/03/05 20:05:42 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2012/03/05 04:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CleanMyPC Registry Cleaner
[2012/03/05 04:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2012/03/03 05:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/03/03 02:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PackageAware
[2012/03/03 01:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TheBflix
[2012/03/03 01:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TheBflix
[2012/03/03 01:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/03/03 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/03/03 01:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/23 07:58:31 | 000,543,232 | ---- | C] (Thoughtman Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\ftoblack.exe
[2012/02/23 07:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/02/23 07:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/02/23 07:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\FadeToBlack
[2012/02/23 07:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\FadeToBlack
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 00:22:51 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012/03/20 01:53:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/20 01:51:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\TaskbarManager.INI
[2012/03/20 01:48:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/20 00:59:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
[2012/03/19 20:12:45 | 000,005,679 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\My Favorite Theme.theme
[2012/03/19 11:48:49 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/03/19 02:08:47 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010.lnk
[2012/03/19 02:08:47 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010 (x86).lnk
[2012/03/19 01:00:31 | 000,473,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/19 01:00:30 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/19 00:35:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/19 00:30:43 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/03/18 21:19:35 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/18 13:00:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 3374359.job
[2012/03/18 12:00:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 2233828.job
[2012/03/18 08:55:18 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2012/03/18 08:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/18 07:45:21 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/18 07:45:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/18 07:45:10 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/18 07:44:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/18 07:41:28 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 07:38:56 | 000,005,030 | ---- | M] () -- C:\config.xml
[2012/03/18 07:38:15 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/18 06:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
[2012/03/18 05:30:52 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverNavigator.lnk
[2012/03/18 04:37:28 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2012/03/18 04:15:47 | 000,073,010 | ---- | M] () -- C:\WINDOWS\System32\RW_AppData.dat
[2012/03/18 04:15:47 | 000,056,704 | ---- | M] () -- C:\WINDOWS\System32\RW_FileType.dat
[2012/03/18 04:15:47 | 000,024,248 | ---- | M] () -- C:\WINDOWS\System32\RW_{FE91971D-2521-11DC-A3D5-0011D8D02BFE}.dat
[2012/03/18 04:15:47 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\RW_FileFlag.dat
[2012/03/18 04:15:47 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{60CA5B1F-CD34-11DA-9388-806D6172696F}.dat
[2012/03/18 04:15:47 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{2230C340-6FDA-11E1-B998-0015F200843B}.dat
[2012/03/18 04:02:07 | 000,000,001 | ---- | M] () -- C:\WINDOWS\~sisRslt
[2012/03/18 02:37:59 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speed Up This PC.lnk
[2012/03/18 02:37:59 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Device Doctor.lnk
[2012/03/18 01:58:55 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/18 00:19:34 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser 7.lnk
[2012/03/17 23:22:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/17 23:22:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/03/17 07:25:45 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Immunet 3.0.lnk
[2012/03/17 07:24:55 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2012/03/17 07:24:55 | 000,051,104 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2012/03/17 07:24:55 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2012/03/17 06:44:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/17 06:19:21 | 000,004,216 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120317-062021.backup
[2012/03/17 05:56:19 | 000,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/16 22:18:50 | 092,030,579 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/16 21:31:54 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\autopart.opt
[2012/03/16 21:21:08 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/03/16 18:48:15 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2012/03/16 18:43:53 | 002,073,440 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2012/03/16 03:06:55 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Revo Uninstaller Pro.lnk
[2012/03/10 19:33:38 | 000,037,905 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2012/03/10 19:06:35 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{D5B228C5-6AAB-11E1-B7AF-806D6172696F}.dat
[2012/03/10 19:06:35 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{AB1B9C46-6ABA-11E1-837F-0015F200843B}.dat
[2012/03/10 19:01:57 | 000,167,968 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012/03/10 19:01:27 | 000,752,128 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2012/03/10 19:01:22 | 000,600,928 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/03/10 19:00:55 | 000,170,528 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/03/10 18:59:50 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2012/03/10 18:59:50 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2012/03/10 07:23:45 | 000,002,147 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2012/03/09 00:03:35 | 000,287,927 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2012/03/06 05:19:39 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2012/03/05 21:01:51 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/05 21:01:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/05 04:37:12 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CleanMyPC - Registry Cleaner.lnk
[2012/03/04 01:58:39 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2012/02/24 03:20:48 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\config.ftb
[2012/02/23 23:11:49 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/21 00:22:51 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2012/03/19 02:08:47 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010.lnk
[2012/03/19 02:08:47 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010 (x86).lnk
[2012/03/18 07:12:07 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/18 07:02:08 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 2233828.job
[2012/03/18 06:16:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/03/18 06:16:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/03/18 06:16:48 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2012/03/18 05:30:58 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
[2012/03/18 05:30:52 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverNavigator.lnk
[2012/03/18 03:31:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{60CA5B1F-CD34-11DA-9388-806D6172696F}.dat
[2012/03/18 03:31:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{2230C340-6FDA-11E1-B998-0015F200843B}.dat
[2012/03/18 02:37:59 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speed Up This PC.lnk
[2012/03/18 02:37:58 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Device Doctor.lnk
[2012/03/18 01:58:55 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/18 01:58:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/03/18 01:31:15 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2012/03/18 01:13:45 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/03/17 23:22:16 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/03/17 23:22:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/03/17 07:32:51 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 3374359.job
[2012/03/17 07:25:44 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Immunet 3.0.lnk
[2012/03/17 06:49:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/17 06:43:53 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/17 06:09:13 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/17 05:56:19 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/16 22:18:50 | 092,030,579 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/16 21:31:54 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\autopart.opt
[2012/03/16 03:06:55 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Revo Uninstaller Pro.lnk
[2012/03/10 20:04:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2012/03/10 19:22:02 | 000,037,905 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2012/03/10 19:06:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{D5B228C5-6AAB-11E1-B7AF-806D6172696F}.dat
[2012/03/10 19:06:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{AB1B9C46-6ABA-11E1-837F-0015F200843B}.dat
[2012/03/10 18:59:50 | 000,001,252 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2012/03/10 18:59:50 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2012/03/10 01:12:19 | 000,002,147 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2012/03/06 05:19:39 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2012/03/05 04:37:12 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CleanMyPC - Registry Cleaner.lnk
[2012/03/04 01:58:39 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2012/02/23 08:19:47 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\config.ftb
[2012/02/23 07:55:52 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/15 05:07:55 | 000,073,010 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
[2012/02/15 05:07:55 | 000,056,704 | ---- | C] () -- C:\WINDOWS\System32\RW_FileType.dat
[2012/02/15 05:07:55 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\RW_FileFlag.dat
[2012/02/15 05:07:54 | 000,024,248 | ---- | C] () -- C:\WINDOWS\System32\RW_{FE91971D-2521-11DC-A3D5-0011D8D02BFE}.dat
[2012/02/15 04:48:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 06:35:09 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2012/02/14 06:33:35 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2011/07/18 15:43:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/02/03 03:34:57 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E70A770EF2.sys
[2011/02/03 03:34:56 | 000,001,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/14 04:21:00 | 000,165,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/22 01:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UNINSTCP.EXE
[2010/08/21 02:28:01 | 000,001,280 | ---- | C] () -- C:\WINDOWS\HYAKKA.DAT
[2010/07/19 00:57:25 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/19 00:57:17 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/19 00:57:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/04 03:40:03 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/04 03:40:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/04 03:40:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/04 03:40:03 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/21 05:01:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/20 23:54:30 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2010/04/20 21:15:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 21:15:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/13 17:31:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/09 10:17:28 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

========== Files - Unicode (All) ==========
[2012/03/16 04:22:13 | 000,000,979 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\Acronis?Disk?Director?Home.lnk) -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2012/03/16 04:22:13 | 000,000,979 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\Acronis?Disk?Director?Home.lnk) -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\AUTOEXEC.BAT:SummaryInformation
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77423EAD
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C

< End of report >


OTL Extras logfile created on: 3/21/2012 12:33:16 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.81% Memory free
4.85 Gb Paging File | 3.94 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.63 Gb Total Space | 44.81 Gb Free Space | 40.14% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.76 Gb Free Space | 14.55% Space Free | Partition Type: FAT32
Drive K: | 74.53 Gb Total Space | 48.11 Gb Free Space | 64.56% Space Free | Partition Type: NTFS
Drive P: | 115.99 Gb Total Space | 79.26 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"20636:TCP" = 20636:TCP:*:Enabled:BitComet 20636 TCP
"20636:UDP" = 20636:UDP:*:Enabled:BitComet 20636 UDP
"6881:TCP" = 6881:TCP:*:Enabled:BitComet 6881 TCP
"6881:UDP" = 6881:UDP:*:Enabled:BitComet 6881 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\LightWave [8]\Programs\hub.exe" = C:\Program Files\LightWave [8]\Programs\hub.exe:*:Enabled:hub -- ()
"C:\Program Files\LightWave [8]\Programs\modeler.exe" = C:\Program Files\LightWave [8]\Programs\modeler.exe:*:Enabled:modeler
"C:\Program Files\GameHouse\BounceOut\BounceOut.exe" = C:\Program Files\GameHouse\BounceOut\BounceOut.exe:*:Enabled:Super Bounce Out!
"C:\Program Files\GameHouse\Collapse II\Relapse.exe" = C:\Program Files\GameHouse\Collapse II\Relapse.exe:*:Enabled:Super Collapse! II
"C:\Program Files\GameHouse\PopDrop\PopNDrop.exe" = C:\Program Files\GameHouse\PopDrop\PopNDrop.exe:*:Enabled:Super Pop & Drop
"C:\Program Files\HP DVD\Umbrella\MyDrive.exe" = C:\Program Files\HP DVD\Umbrella\MyDrive.exe:*:Enabled:MyDrive Application -- (Hewlett-Packard Company)
"C:\Program Files\Curious Labs\Poser 6\Poser.exe" = C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Enabled:Poser executable file -- (e frontier America, Inc)
"C:\Program Files\Poser 5.0\poser.exe" = C:\Program Files\Poser 5.0\poser.exe:*:Enabled:Poser executable file -- (Curious Labs, Inc.)
"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager
"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server
"C:\Program Files\LightWave [8]\Programs\lightwav.exe" = C:\Program Files\LightWave [8]\Programs\lightwav.exe:*:Enabled:lightwav -- ()
"C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe" = C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe:*:Enabled:Invisible Browsing -- (Amplusnet)
"C:\Program Files\DAZ\Bryce Lightning 2.0\Lightning.exe" = C:\Program Files\DAZ\Bryce Lightning 2.0\Lightning.exe:*:Enabled:Lightning
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartSoft Ltd.)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\3dsmax7\3dsmax.exe" = C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7
"C:\Program Files\backburner 2\monitor.exe" = C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor
"C:\Program Files\backburner 2\manager.exe" = C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager
"C:\Program Files\backburner 2\server.exe" = C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\e frontier\Poser 7\Poser.exe" = C:\Program Files\e frontier\Poser 7\Poser.exe:*:Enabled:Poser executable file -- (Smith Micro Software, Inc)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Smith Micro\Poser Pro 2010\PoserPro.exe" = C:\Program Files\Smith Micro\Poser Pro 2010\PoserPro.exe:*:Enabled:Poser Pro executable file -- (Smith Micro Software, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{040F8F72-65AC-4EDF-80EC-2FADE3DC8827}" = Monopoly
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{13D41D72-0284-4931-A261-F86F6565D4B4}" = SiSRaidPackage
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CA032FD-09D9-4B52-BA1D-4932216885FE}" = InterLok Driver Kit
"{312DFE8A-7B3A-41D4-AB00-52ACDB05ABE2}" = Ten Thumbs 4.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3DBC8C6C-59CC-4EA3-9AB6-6BDE5B6E85DD}" = modo Support Videos
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{433C2951-F34C-460A-A6DA-C0ACA0A90B97}" = ATLAS Translation Double Pack V13.0 Trial Version
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4C8123F8-0002-6FD5-48B1-F6413E6E1DBF}" = Catalyst Control Center InstallProxy
"{51203E62-4DE3-49F5-86BC-357CE193891D}" = TransPoser
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70AB1576-7883-2313-C650-7A71270B1033}" = Nero 7 Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}" = Sim Brothel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A34773-F701-46E1-9414-657F35391413}" = SlimComputer
"{8B2C1E97-E7EC-4CB9-91B9-2B1C0C1F4840}" = SlimCleaner
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92C9D8BD-D305-4205-95E1-67F65F4944AD}_is1" = ZIP Password Unlocker 3.0
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9B8FCF12-9922-46AF-A394-703E7F38E9E5}" = modo 202
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B95F3D27-F1B3-E680-F73C-29D2F8C78AF0}" = ATI Catalyst Install Manager
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}" = PC Booster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF49146-C6EC-44E8-9B07-1B98AD7611AD}" = FileUploader
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0879DDC-F053-4068-80C1-DBC358AC5917}" = LS_HSI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC122DB2-338C-49CF-BBB6-9AB78B23234D}" = Diskeeper 2010 Pro Premier
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Click DVD Copy_is1" = 1Click DVD Copy 4.2.9.11
"1st Evidence Remover_is1" = 1st Evidence Remover
"3DWin and Rheingold 3D" = 3DWin and Rheingold 3D
"7-Zip" = 7-Zip 9.19 beta
"ABC Amber CHM Converter" = ABC Amber CHM Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AI RoboForm" = RoboForm 7-3-2 (All Users)
"Alligator Flash Designer 5" = Alligator Flash Designer 5 (5.0.30.2)
"Anti Tracks_is1" = Anti Tracks 6.4.1
"Applian FLV Player2.0.24" = Applian FLV Player
"Avatar Lab" = Avatar Lab
"Babylon" = Babylon
"Blender" = Blender (remove only)
"BlenderNIFScripts" = Blender NIF Scripts (remove only)
"CCleaner" = CCleaner
"CheckIt Diagnostics" = CheckIt Diagnostics
"CHM To PDF PRO_is1" = CHM To PDF Converter PRO
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopyToDVD_is1" = CopyToDVD
"DAZ Studio 3 3.0.1.135" = DAZ Studio 3
"DAZ|Mimic" = DAZ|Mimic 3.1
"Device Doctor_is1" = Device Doctor v2.1
"Draw3D" = Draw3D v4.1.2
"DriverNavigator_is1" = DriverNavigator 2.1.0
"DSL Speed V6.2_is1" = DSL Speed V6.2
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v3.9.0
"EE1DC957B9D5CFE4087AED74D34CA1D9BA0C218F" = Windows Driver Package - KME Inc. (KMWDFILTER) HIDClass (09/16/2008 6.0.6000.0)
"FadeToBlack" = FadeToBlack
"Fallout 3 - Mothership Zeta Addon_is1" = Fallout 3 - Mothership Zeta Addon
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
"File Chopper" = File Chopper
"Flash Decompiler_is1" = Flash Decompiler
"FlashDiggerPlus" = FlashDigger Plus
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet(JetCar)" = FlashGet(JetCar)
"Fraps" = Fraps (remove only)
"Game Maker 6 Resource Pack 1" = Game Maker 6 Resource Pack 1
"Game Maker 6 Resource Pack 2" = Game Maker 6 Resource Pack 2
"Game Maker 6 Resource Pack 3" = Game Maker 6 Resource Pack 3
"Game Maker 6 Resource Pack 4" = Game Maker 6 Resource Pack 4
"Game Maker 6.1" = Game Maker 6.1
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"getPlus®_dll" = getPlus®_dll
"Gmask 1.70 English" = Gmask 1.70 English
"Help and Support Additions" = Help and Support Additions
"Hex Workshop v4.20" = Hex Workshop v4.23
"Hexagon2.1" = Hexagon
"HP DVD" = HP DVD Writer
"IconCool Studio 1.92" = IconCool Studio 1.92
"i-Fun Viewer_is1" = i-Fun Viewer
"Immunet Protect" = Immunet 3.0
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI PCI Soft Modem
"Magic Memory Optimizer_is1" = Magic Memory Optimizer v8.2.1.652
"Manga Studio EX 3.0" = Manga Studio EX 3.0
"MatrixEngine 1.0" = MatrixEngine
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Morph Loader " = Morph Loader
"Morph Loader DS3 1.4.5.119" = Morph Loader DS3
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NetConceal Anonymity Shield" = NetConceal Anonymity Shield
"NifSkope" = NifSkope (remove only)
"Notepad++" = Notepad++
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"NTREGOPT_is1" = NTREGOPT 1.1f
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office8.0" = Microsoft Office 97, Professional Edition
"P3dO Explorer" = P3dO Explorer (remove only)
"Parameters Organizer " = Parameters Organizer
"Parameters Organizer DS3 1.1.5.119" = Parameters Organizer DS3
"Picasa 3" = Picasa 3
"Poser 6" = Poser 6
"Poser 7" = Poser 7
"Poser 7_is1" = Poser 7.0.4 Service Release
"Poser Pro 2010_is1" = Poser Pro 2010 Content
"Privacy Shield_is1" = Privacy Shield
"PrtScr_is1" = PrtScr 1.5
"PS2" = PS2
"PyFFI" = PyFFI 2.1.6
"PyFFI-py2.6" = Python 2.6 PyFFI-2.1.6
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Rhinoceros 3.0 Evaluation" = Rhinoceros 3.0 Evaluation
"Robbox_is1" = Robbox
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Saint Paint Studio" = Saint Paint Studio
"Silo" = Silo 1.42
"SimpleMU MUD Client" = SimpleMU MUD Client
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"SolSuite Graphics Pack Volume 1" = SolSuite Graphics Pack Volume 1
"SolSuite Graphics Pack Volume 2" = SolSuite Graphics Pack Volume 2
"SolSuite_is1" = SolSuite 2007 v7.2
"sp6" = Logitech SetPoint 6.32
"SWF, Lock & Load_is1" = SWF, Lock & Load 1.206
"SWFKit Pro_is1" = SWFKit Pro 3
"SystemRequirementsLab" = System Requirements Lab
"Tank Wars" = Tank Wars
"Taskbar Manager 3.1 Evaluation_is1" = Taskbar Manager 3.1 Evaluation
"The Tailor" = The Tailor
"Trickster Online" = Trickster Online
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Professional V4.93
"Xfire" = Xfire (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.95-2
"黒と黒と黒の祭壇" = 黒と黒と黒の祭壇

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"That Store Grid" = CiD Help
"The CrossDresser 2.4.0" = The CrossDresser 2.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2012 1:49:47 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 1:49:48 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 1:49:48 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 1:49:48 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 4:32:08 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 4:32:10 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 3:12:39 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 3:12:39 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 3:12:43 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 3/19/2012 3:12:43 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 3/18/2012 12:30:10 AM | Computer Name = YOUR-4F1261A8E5 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 3/18/2012 1:20:31 AM | Computer Name = YOUR-4F1261A8E5 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 3/18/2012 2:06:33 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%2

Error - 3/18/2012 2:06:33 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7000
Description = The iolo System Service service failed to start due to the following
error: %%2

Error - 3/18/2012 8:51:48 AM | Computer Name = YOUR-4F1261A8E5 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/18/2012 8:52:00 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%32

Error - 3/19/2012 1:48:39 AM | Computer Name = YOUR-4F1261A8E5 | Source = Microsoft Antimalware | ID = 1005
Description = %%860 scan has encountered an error and terminated. Scan ID: {16650B7E-4680-41BC-A52D-9443FA20EEF5}

Scan
Type: %%802 Scan Parameters: %%805 User: NT AUTHORITY\NETWORK SERVICE Error Code:
0x8050800d Error description: Some history items could not be displayed. Please wait
a few minutes and try again. If that doesn't work, clear the history and then try
again.

Error - 3/19/2012 2:09:33 AM | Computer Name = YOUR-4F1261A8E5 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 3/20/2012 4:30:57 AM | Computer Name = YOUR-4F1261A8E5 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 3/20/2012 4:31:02 AM | Computer Name = YOUR-4F1261A8E5 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.


< End of report >

Thanks in advance, hope you can help me.
It's looking pretty dire from this end.


#2
myrti
  • Expert
  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3
archie10
  • Topic Starter
  • Member
  • 26 posts
I have followed the guide, and downloaded and run Malwarebytes' Anti-Malware.
There is a new symptom: the Recycle Bin will now freeze up the machine.
I can back-door it with CCleaner to empty it, but any attempt to use the bin normally will lock up my machine.
Here is the log scan you requested:

OTL logfile created on: 3/28/2012 10:13:19 PM - Run 4
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.73% Memory free
4.85 Gb Paging File | 4.05 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.63 Gb Total Space | 43.59 Gb Free Space | 39.05% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.76 Gb Free Space | 14.56% Space Free | Partition Type: FAT32
Drive K: | 74.53 Gb Total Space | 48.11 Gb Free Space | 64.56% Space Free | Partition Type: NTFS
Drive P: | 115.99 Gb Total Space | 78.99 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 00:59:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
PRC - [2012/03/17 07:24:51 | 002,637,088 | ---- | M] (Immunet) -- C:\Program Files\Immunet\3.0.5\iptray.exe
PRC - [2012/03/17 07:24:51 | 000,797,096 | ---- | M] (Sourcefire, Inc.) -- C:\Program Files\Immunet\3.0.5\agent.exe
PRC - [2012/03/10 19:01:49 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 07:33:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 20:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/01 20:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/10/14 00:59:19 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2010/10/01 23:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/24 16:08:46 | 000,385,024 | ---- | M] (Askarya Technologies) -- C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
PRC - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () -- C:\Program Files\1st Evidence Remover\erasrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 07:24:53 | 000,357,664 | ---- | M] () -- C:\Program Files\Immunet\3.0.5\dhr.dll
MOD - [2012/03/17 07:24:53 | 000,302,368 | ---- | M] () -- C:\Program Files\Immunet\3.0.5\dsp.dll
MOD - [2012/02/23 23:11:49 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/13 12:07:30 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko11.dll
MOD - [2012/02/13 12:07:30 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko10.dll
MOD - [2012/02/13 12:07:30 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko6.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko9.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko8.dll
MOD - [2012/02/13 12:07:30 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko7.dll
MOD - [2012/02/13 12:07:30 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\RadioWMPCoreGecko5.dll
MOD - [2011/06/16 07:33:44 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/08 10:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/06/03 00:48:08 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/06/03 00:48:04 | 002,308,200 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2006/05/17 06:33:42 | 000,077,824 | ---- | M] () -- C:\Program Files\Askarya\Taskbar Manager\SHLoader.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/10/03 22:06:00 | 000,049,152 | ---- | M] () -- C:\Program Files\Askarya\Taskbar Manager\keyhandler.dll
MOD - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () -- C:\Program Files\1st Evidence Remover\erasrv.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2012/03/17 07:24:56 | 000,327,680 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Immunet\tetra\scan.dll -- (scan)
SRV - [2012/03/17 07:24:51 | 000,797,096 | ---- | M] (Sourcefire, Inc.) [Auto | Running] -- C:\Program Files\Immunet\3.0.5\agent.exe -- (ImmunetProtect)
SRV - [2012/03/10 19:01:49 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/01/19 00:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/10/14 00:59:19 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010/10/01 23:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2003/08/11 13:02:06 | 000,449,536 | ---- | M] () [Auto | Running] -- C:\Program Files\1st Evidence Remover\erasrv.exe -- (EraserThread)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a7g4to1w)
DRV - [2012/03/28 05:29:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B846BFEF-BB0F-4E7A-BBB0-39C24CBD654D}\MpKsl273285c8.sys -- (MpKsl273285c8)
DRV - [2012/03/17 07:24:55 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/03/17 07:24:55 | 000,051,104 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2012/03/17 07:24:55 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2012/03/10 19:01:57 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/03/10 19:01:27 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2012/03/10 19:01:22 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/03/10 19:00:55 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/10 19:58:02 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/06/06 23:30:58 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/02/19 16:45:45 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/22 12:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/12/20 18:40:34 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SysTool.sys -- (SysTool)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/07 16:41:48 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/07/01 22:56:04 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/23 11:52:38 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra)
DRV - [2006/02/14 16:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2006/01/12 09:01:52 | 000,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/12/11 12:41:24 | 000,020,608 | ---- | M] (Jacal Consulting) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/06 17:14:24 | 000,048,128 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid.sys -- (SiSRaid)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/05 18:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 18:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 13:57:26 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://www.skip-sear...cfg=2-82-0-icDH

IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-03-16 06:51:17&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/06/16 07:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/16 07:33:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/21 17:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/12 22:24:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 20:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\WINDOWS\vf_hip\ [2008/07/09 00:41:48 | 000,000,000 | ---D | M]

[2010/09/14 00:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/09/14 00:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/28 01:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions
[2011/12/16 01:13:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/02/14 03:57:26 | 000,000,000 | ---D | M] (ArchiBar Community Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}
[2011/02/05 09:18:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/30 07:51:02 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2012/03/03 05:54:14 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/03/28 01:17:46 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/07/21 02:49:02 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}(2)
[2010/09/08 01:41:34 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012/03/03 05:46:04 | 000,000,000 | ---D | M] (TheBflix) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\[email protected]
[2011/03/13 01:39:53 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lumkxaj6.default\extensions\[email protected]
[2012/02/18 23:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 23:32:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 01:09:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 08:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 01:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 02:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/06 01:10:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/18 23:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{EF62E1CE-D2A4-4CDD-B7EC-92B120366B66}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{F0B6E3F9-ECD1-40B6-A25F-5C3FF68FB079}
File not found (No name found) -- C:\PROGRAM FILES\LOLIFOX\EXTENSIONS\{FCE36C1E-58D8-498A-B2A5-66AD1CEDEBBB}
[2011/06/16 07:33:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/17 04:55:00 | 000,061,440 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\mozilla firefox\components\DAPFireFox.dll
[2012/02/18 23:19:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/06/16 12:16:04 | 000,205,312 | ---- | M] (NETDIMENSION CORPORATION) -- C:\Program Files\mozilla firefox\plugins\NPMXENG.DLL
[2011/06/16 07:33:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/03/19 00:35:13 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Anonymizer Proxy) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConeal\Anonymity Shield\ProxyNew.dll (Anonymizer Software)
O2 - BHO: (TheBflix Class) - {253797F5-9A48-4BE8-A22F-86A8A799F780} - C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll (www.flashget.com)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL (FUJITSU LIMITED)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [00ERSRRRNKY] C:\Program Files\1st Evidence Remover\eraser.exe ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe (inKline Global Inc.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Taskbar Manager.lnk = C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe (Askarya Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Mn@iboddPubswLfov = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Mn@mlrf = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MnOndNeg = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MnQtm = 0
O7 - HKU\S-1-5-21-3135469109-2156850678-1911169484-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Ghp`amfUbrhLds = 0
O8 - Extra context menu item: &FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V13\atlscript.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V13\AtlscriptEdit.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download Link Using Mega Manager... - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with &FileFactory Turbo - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with GetRight Pro - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with GetRight Pro Browser - Reg Error: Value error. File not found
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V13\atlscript.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196729615484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1145191418640 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} http://online.invoke...iveCompTest.ocx (Reg Error: Key error.)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://online.invoke...7207/MILive.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C76EFFC-52BF-410A-8A3A-8E4C314FB5B6}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/16 10:27:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O34 - HKLM BootExecute: (autocheck SsiEfr.e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {786BE91A-2789-C53D-0354-C5AFC473CD01} - Java (Sun)
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A304CEC1-51C0-B6FE-6BE6-D444D0E9A32A} - Microsoft Windows Media Player
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\snti386.dll (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 05:42:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/03/28 01:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\SpeedFan
[2012/03/28 01:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/03/21 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/21 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2012/03/21 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/21 17:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/21 17:31:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/21 17:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 00:59:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
[2012/03/19 11:48:49 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/03/18 08:45:26 | 000,042,496 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2012/03/18 07:15:12 | 000,012,184 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2012/03/18 07:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2012/03/18 07:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/18 07:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2012/03/18 07:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012/03/18 07:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech
[2012/03/18 07:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logishrd
[2012/03/18 07:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2012/03/18 07:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/18 06:18:52 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\WINDOWS\System32\agrsmdel.exe
[2012/03/18 06:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/03/18 06:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2012/03/18 06:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/03/18 06:16:51 | 000,090,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2012/03/18 06:16:49 | 010,458,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2012/03/18 06:16:46 | 000,307,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2012/03/18 06:16:46 | 000,212,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2012/03/18 06:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/03/18 06:13:56 | 000,017,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys
[2012/03/18 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Easeware
[2012/03/18 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverNavigator
[2012/03/18 05:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/03/18 04:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiS RAID Utility
[2012/03/18 04:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Silicon Integrated Systems
[2012/03/18 03:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/18 03:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/18 03:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/18 01:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/03/18 01:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimComputer
[2012/03/18 01:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\SlimComputer
[2012/03/18 01:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/03/18 01:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/03/18 00:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\SlimWare Utilities Inc
[2012/03/18 00:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/03/18 00:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\e frontier
[2012/03/17 07:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Immunet
[2012/03/17 07:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2012/03/17 07:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Immunet 3.0
[2012/03/17 07:25:04 | 000,034,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2012/03/17 07:25:03 | 000,051,104 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2012/03/17 07:24:57 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2012/03/17 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2012/03/17 06:50:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/03/17 06:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/16 21:31:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Acronis
[2012/03/16 08:19:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/16 07:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG
[2012/03/16 06:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/16 05:18:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/16 05:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/10 20:04:09 | 002,073,440 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2012/03/10 19:01:57 | 000,167,968 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012/03/10 19:01:27 | 000,752,128 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2012/03/10 19:01:16 | 000,600,928 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/03/10 19:00:55 | 000,170,528 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/03/10 18:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/03/10 18:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/03/10 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Acronis
[2012/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/03/10 10:22:23 | 000,000,000 | ---D | C] -- C:\VProRecovery
[2012/03/06 05:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DOSBox
[2012/03/06 05:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2012/03/06 05:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2012/03/06 05:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/03/05 20:05:42 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2012/03/05 04:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CleanMyPC Registry Cleaner
[2012/03/05 04:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2012/03/03 05:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/03/03 02:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PackageAware
[2012/03/03 01:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TheBflix
[2012/03/03 01:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TheBflix
[2012/03/03 01:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/03/03 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/03/03 01:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 05:34:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/28 05:31:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\TaskbarManager.INI
[2012/03/28 05:29:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 01:42:13 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SpeedFan.lnk
[2012/03/28 01:42:09 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/03/25 22:53:47 | 000,005,030 | ---- | M] () -- C:\config.xml
[2012/03/25 13:00:07 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 90774421.job
[2012/03/25 13:00:07 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 3374359.job
[2012/03/25 12:00:08 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 2233828.job
[2012/03/25 03:00:05 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Immunet Scan 90750515.job
[2012/03/22 19:31:08 | 000,005,679 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\My Favorite Theme.theme
[2012/03/22 03:17:32 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/22 00:06:10 | 000,002,654 | ---- | M] () -- C:\WINDOWS\OPENFX_.INI
[2012/03/21 21:21:52 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/21 20:29:30 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to SlimComputer.exe.lnk
[2012/03/21 20:28:15 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2012/03/21 20:24:20 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2012/03/21 17:31:50 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 00:59:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL(1).exe
[2012/03/19 11:48:49 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/03/19 02:08:47 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010.lnk
[2012/03/19 02:08:47 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010 (x86).lnk
[2012/03/19 01:00:31 | 000,473,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/19 01:00:30 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/19 00:35:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/19 00:30:43 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/03/18 21:19:35 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/18 08:55:18 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2012/03/18 08:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/18 07:45:21 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/18 07:45:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/18 07:45:10 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/18 07:44:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/18 07:41:28 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 07:38:15 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/18 06:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
[2012/03/18 05:30:52 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverNavigator.lnk
[2012/03/18 04:15:47 | 000,073,010 | ---- | M] () -- C:\WINDOWS\System32\RW_AppData.dat
[2012/03/18 04:15:47 | 000,056,704 | ---- | M] () -- C:\WINDOWS\System32\RW_FileType.dat
[2012/03/18 04:15:47 | 000,024,248 | ---- | M] () -- C:\WINDOWS\System32\RW_{FE91971D-2521-11DC-A3D5-0011D8D02BFE}.dat
[2012/03/18 04:15:47 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\RW_FileFlag.dat
[2012/03/18 04:15:47 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{60CA5B1F-CD34-11DA-9388-806D6172696F}.dat
[2012/03/18 04:15:47 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{2230C340-6FDA-11E1-B998-0015F200843B}.dat
[2012/03/18 04:02:07 | 000,000,001 | ---- | M] () -- C:\WINDOWS\~sisRslt
[2012/03/18 01:58:55 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/18 00:19:34 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser 7.lnk
[2012/03/17 07:25:45 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Immunet 3.0.lnk
[2012/03/17 07:24:55 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2012/03/17 07:24:55 | 000,051,104 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2012/03/17 07:24:55 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2012/03/17 06:44:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/17 06:19:21 | 000,004,216 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120317-062021.backup
[2012/03/17 05:56:19 | 000,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/16 22:18:50 | 092,030,579 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/16 21:31:54 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\autopart.opt
[2012/03/16 21:21:08 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/03/16 18:48:15 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2012/03/16 18:43:53 | 002,073,440 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2012/03/16 03:06:55 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Revo Uninstaller Pro.lnk
[2012/03/10 19:33:38 | 000,037,905 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2012/03/10 19:06:35 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{D5B228C5-6AAB-11E1-B7AF-806D6172696F}.dat
[2012/03/10 19:06:35 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{AB1B9C46-6ABA-11E1-837F-0015F200843B}.dat
[2012/03/10 19:01:57 | 000,167,968 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012/03/10 19:01:27 | 000,752,128 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2012/03/10 19:01:22 | 000,600,928 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/03/10 19:00:55 | 000,170,528 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/03/10 18:59:50 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2012/03/10 18:59:50 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2012/03/10 07:23:45 | 000,002,147 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2012/03/09 00:03:35 | 000,287,927 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2012/03/06 05:19:39 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2012/03/05 21:01:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/05 04:37:12 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CleanMyPC - Registry Cleaner.lnk
[2012/03/04 01:58:39 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 01:42:13 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SpeedFan.lnk
[2012/03/28 01:42:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/03/23 19:23:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 90774421.job
[2012/03/23 19:23:18 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 90750515.job
[2012/03/21 21:21:52 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/21 20:29:30 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to SlimComputer.exe.lnk
[2012/03/21 20:28:15 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2012/03/21 17:31:50 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 02:08:47 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010.lnk
[2012/03/19 02:08:47 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Poser Pro 2010 (x86).lnk
[2012/03/18 07:12:07 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/18 07:02:08 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 2233828.job
[2012/03/18 06:16:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/03/18 06:16:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/03/18 06:16:48 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2012/03/18 05:30:58 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
[2012/03/18 05:30:52 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverNavigator.lnk
[2012/03/18 03:31:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{60CA5B1F-CD34-11DA-9388-806D6172696F}.dat
[2012/03/18 03:31:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{2230C340-6FDA-11E1-B998-0015F200843B}.dat
[2012/03/18 01:58:55 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/03/18 01:58:55 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/18 01:58:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/03/18 01:31:15 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2012/03/18 01:13:45 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/03/17 07:32:51 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\Immunet Scan 3374359.job
[2012/03/17 07:25:44 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Immunet 3.0.lnk
[2012/03/17 06:49:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/17 06:43:53 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/17 06:09:13 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/17 05:56:19 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/16 22:18:50 | 092,030,579 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/16 21:31:54 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\autopart.opt
[2012/03/16 03:06:55 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Revo Uninstaller Pro.lnk
[2012/03/10 20:04:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2012/03/10 19:22:02 | 000,037,905 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2012/03/10 19:06:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{D5B228C5-6AAB-11E1-B7AF-806D6172696F}.dat
[2012/03/10 19:06:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{AB1B9C46-6ABA-11E1-837F-0015F200843B}.dat
[2012/03/10 18:59:50 | 000,001,252 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2012/03/10 18:59:50 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2012/03/10 01:12:19 | 000,002,147 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2012/03/06 05:19:39 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2012/03/05 04:37:12 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CleanMyPC - Registry Cleaner.lnk
[2012/03/04 01:58:39 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2012/02/23 07:55:52 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/15 05:07:55 | 000,073,010 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
[2012/02/15 05:07:55 | 000,056,704 | ---- | C] () -- C:\WINDOWS\System32\RW_FileType.dat
[2012/02/15 05:07:55 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\RW_FileFlag.dat
[2012/02/15 05:07:54 | 000,024,248 | ---- | C] () -- C:\WINDOWS\System32\RW_{FE91971D-2521-11DC-A3D5-0011D8D02BFE}.dat
[2012/02/15 04:48:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 06:35:09 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2012/02/14 06:33:35 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2011/07/18 15:43:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/02/03 03:34:57 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E70A770EF2.sys
[2011/02/03 03:34:56 | 000,001,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/14 04:21:00 | 000,165,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/22 01:47:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UNINSTCP.EXE
[2010/08/21 02:28:01 | 000,001,280 | ---- | C] () -- C:\WINDOWS\HYAKKA.DAT
[2010/07/19 00:57:25 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/19 00:57:17 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/19 00:57:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/04 03:40:03 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/04 03:40:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/04 03:40:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/04 03:40:03 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/21 05:01:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/20 23:54:30 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2010/04/20 21:15:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 21:15:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/13 17:31:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/09 10:17:28 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2006/09/26 16:57:21 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\dvt.exe

< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/16 03:16:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/07/16 03:16:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/16 03:16:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/07/16 03:16:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/02/19 16:45:45 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/10/15 05:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/10/15 05:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/10/15 05:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/10 19:01:57 | 000,167,968 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\afcdp.sys
[2012/03/17 07:24:55 | 000,051,104 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys
[2012/03/17 07:24:55 | 000,034,080 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys
[2012/03/19 11:48:49 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LNonPnP.sys
[2012/01/09 11:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/03/10 19:00:55 | 000,170,528 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys
[2012/03/10 19:01:27 | 000,752,128 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tdrpm273.sys
[2012/03/10 19:01:22 | 000,600,928 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys
[2012/03/17 07:24:55 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\system32\drivers\Trufos.sys

========== Files - Unicode (All) ==========
[2012/03/16 04:22:13 | 000,000,979 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\Acronis?Disk?Director?Home.lnk) -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2012/03/16 04:22:13 | 000,000,979 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\Acronis?Disk?Director?Home.lnk) -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\AUTOEXEC.BAT:SummaryInformation
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77423EAD
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C

< End of report >
A sidebar: Immunet keeps telling me that my system restore points are corrupt and contain a trojan,
so at this point I am not using them.
Thank you very much for your time; it is greatly appreciated.

#4
myrti

  • Expert
  • 2,580 posts
Hi,

Looking at the detections you've listed and your logs, I'm not sure you are or were infected.

dialer tpd C:\\ program files\ online services\people pc\dialer\dialer.exe
w32 suspicious C:\\program files\ online services\people pc\system\ ras wait.exe

These seem to be false positives, that is, legit files mistakenly identified as malware. PeoplePC is an ISP; do you use them?

n C:\\ program files\mirosoft shared\temp\ mso service.exe

Regarding this one, I would like you to upload that file to VirusTotal to see what other programs say:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\program files\common files\microsoft shared\temp\msoservice.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

#5
archie10

  • Topic Starter
  • Member
  • 26 posts
The files you had mentioned were in quarantine and I have since deleted them.
My hidden folder and files settings were already set to the proper settings to
see them all.
Antimalware had found 5 more files than Security Essentials
and Immunet; these were also sent to quarantine and deleted. I will look for the logs and post them here.
At this point I am pretty sure that all the nasty buggies have been punished off my system.
I don't have a clue where PeoplePC came from.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Compaq_Owner :: YOUR-4F1261A8E5 [administrator]

Protection: Enabled

3/21/2012 5:34:38 PM
mbam-log-2012-03-21 (17-34-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284290
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XPRepairPro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SVKP.sys (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

And the latest:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Compaq_Owner :: YOUR-4F1261A8E5 [administrator]

Protection: Disabled

3/24/2012 12:50:52 AM
mbam-log-2012-03-24 (00-50-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280172
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
The files in Immunet are in quarantine and disabled.
Once again, thank you for your time.

#6
myrti

  • Expert
  • 2,580 posts
Hi,

Have you checked in Add/Remove whether there is anything relating to PeoplePC? If so, you could simply uninstall it.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

regards myrti

#7
archie10

  • Topic Starter
  • Member
  • 26 posts
Java is now updated.
Still getting "explorer exe had to close, memory could not be written to",
and the hidden fax window "explorer exe had to close, memory could not be written to".
Also, the system is not saving settings: every time I reboot I get the language bar,
which is normally disabled.

Again, thank you for your time; it is greatly appreciated.

#8
myrti

  • Expert
  • 2,580 posts
Hi,

Could you please run a scan with aswMBR:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Please also try to run GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#9
archie10

  • Topic Starter
  • Member
  • 26 posts
Here are the logs you requested:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 12:50:21
-----------------------------
12:50:21.125 OS Version: Windows 5.1.2600 Service Pack 3
12:50:21.125 Number of processors: 1 586 0xC00
12:50:21.125 ComputerName: YOUR-4F1261A8E5 UserName: Compaq_Owner
12:50:45.359 Initialize success
12:51:29.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:51:29.109 Disk 0 Vendor: WDC_WD2500AAJB-00J3A0 01.03E01 Size: 238475MB BusType: 3
12:51:29.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
12:51:29.140 Disk 1 Vendor: ST3802110A 3.AAJ Size: 76319MB BusType: 3
12:51:29.203 Disk 0 MBR read successfully
12:51:29.203 Disk 0 MBR scan
12:51:29.203 Disk 0 unknown MBR code
12:51:29.218 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 5388 MB offset 63
12:51:29.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114306 MB offset 11036656
12:51:29.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 118777 MB offset 245135835
12:51:29.328 Disk 0 scanning sectors +488392065
12:51:29.625 Disk 0 scanning C:\WINDOWS\system32\drivers
12:52:24.328 Service scanning
12:53:01.640 Service MpKsl553ed910 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E4D4171-1F03-4BA1-A63A-195BB5B57602}\MpKsl553ed910.sys **LOCKED** 32
12:53:28.000 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:53:42.562 Modules scanning
12:54:48.671 Disk 0 trace - called modules:
12:54:48.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys
12:54:48.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa31ab8]
12:54:48.718 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8aaeaf18]
12:54:48.718 5 ACPI.sys[b7e57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aaee940]
12:54:48.734 Scan finished successfully
12:55:18.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
12:55:18.484 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

Had a little trouble with GMER:
it was running fine, then suddenly exited.
Brought it up in safe mode (no networking).
Here is the log file:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 13:47:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD2500AAJB-00J3A0 rev.01.03E01
Running: c5ufvzt3.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kwayrfow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF75039E0]
SSDT sptd.sys ZwEnumerateKey [0xF75380EE]
SSDT sptd.sys ZwEnumerateValueKey [0xF753847C]
SSDT sptd.sys ZwOpenKey [0xF75039C0]
SSDT sptd.sys ZwQueryKey [0xF7538554]
SSDT sptd.sys ZwQueryValueKey [0xF75383D4]
SSDT sptd.sys ZwSetValueKey [0xF75385E6]

INT 0x62 ? 8AAB4CB8
INT 0x63 ? 8A8F0CB8
INT 0x73 ? 8AAB7CB8
INT 0x82 ? 8AAB4CB8
INT 0x83 ? 8AAB4CB8
INT 0x94 ? 8A8F0CB8
INT 0xA4 ? 8A8F0CB8
INT 0xB4 ? 8A8F0CB8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys F74C7000 32 Bytes [98, 12, 6F, 80, 20, 17, 6F, ...]
.text sptd.sys F74C7024 4 Bytes [74, 9F, 4B, F7]
.text sptd.sys F74C702C 424 Bytes [3E, 9C, 5C, 80, A7, 92, 4D, ...]
.text sptd.sys F74C71E4 4 Bytes [A1, A9, EB, 4C]
.text sptd.sys F74C71EC 1 Byte [02]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF75A10AD]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B83D98AC 5 Bytes JMP 8A8F01C8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AAB72F8
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74C922E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74C871C] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74C8F0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74C871C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74C8910] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74C8852] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74C90EC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74C8F0E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8F02F8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AA7B1E8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device \FileSystem\Fastfat \FatCdrom 8A8131E8
Device \Driver\usbehci \Device\USBPDO-0 8A8EA1E8
Device \Driver\usbohci \Device\USBPDO-1 8A8E41E8
Device \Driver\usbohci \Device\USBPDO-2 8A8E41E8
Device \Driver\usbohci \Device\USBPDO-3 8A8E41E8
Device \Driver\USBSTOR \Device\00000070 8A81D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000071 8A81D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 8A8DE1E8
Device \Driver\atapi \Device\Ide\IdePort0 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c [F7848B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom1 8A8DE1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\USBSTOR \Device\0000006b 8A81D1E8
Device \Driver\usbohci \Device\USBFDO-0 8A8E41E8
Device \Driver\usbohci \Device\USBFDO-1 8A8E41E8
Device \Driver\usbohci \Device\USBFDO-2 8A8E41E8
Device \Driver\USBSTOR \Device\0000006e 8A81D1E8
Device \Driver\usbehci \Device\USBFDO-3 8A8EA1E8
Device \Driver\USBSTOR \Device\0000006f 8A81D1E8
Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 8AA7C1E8
Device \FileSystem\Fastfat \Fat 8A8131E8

AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A7401E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xA0 0x1D 0x99 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x45 0x28 0x01 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x93 0x0F 0xCD 0xEA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0xE6 0x41 0xE5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x45 0x28 0x01 0x09 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x93 0x0F 0xCD 0xEA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0x53 0xA3 0x7B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x45 0x28 0x01 0x09 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x93 0x0F 0xCD 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xB9 0x10 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x45 0x28 0x01 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x93 0x0F 0xCD 0xEA ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xB9 0x10 0xFA ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x45 0x28 0x01 0x09 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x93 0x0F 0xCD 0xEA ...
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID@ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl@ YTabBarControl Class
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl\CurVer
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl\CurVer@ YTabBar.YTabBarControl.1
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1@ YTabBarControl Class
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1\CLSID@ {DDCED22E-D018-471D-9A5C-A4EA2F21133D}
Reg HKLM\SOFTWARE\Classes\YUber.UberButton@ Yahoo! IE Services Button Class
Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CLSID
Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CLSID@ {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CurVer
Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CurVer@ YUber.UberButton.1
Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1@ Yahoo! IE Services Button Class
Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1\CLSID
Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1\CLSID@ {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo@ GetInfo Class
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CLSID
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CLSID@ {D5184A39-CBDF-4A4F-AC1A-7A45A852C883}
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CurVer
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CurVer@ YVerInfo.GetInfo.1
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1@ GetInfo Class
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1\CLSID
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1\CLSID@ {D5184A39-CBDF-4A4F-AC1A-7A45A852C883}
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2@ GetInfo2 Class
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CLSID
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CLSID@ {B345F37E-6763-433b-BC53-9B526A9B7B8B}
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CurVer
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CurVer@ YVerInfo.GetInfo2.1
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1@ GetInfo2 Class
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1\CLSID
Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1\CLSID@ {B345F37E-6763-433b-BC53-9B526A9B7B8B}
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload@ Yahoo! Webcam Upload
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CLSID
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CLSID@ {DCE2F8B1-A520-11D4-8FD0-00D0B7730277}
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CurVer
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CurVer@ YWcUpl.WcUpload.1
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1@ Yahoo! Webcam Upload
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1\CLSID
Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1\CLSID@ {DCE2F8B1-A520-11D4-8FD0-00D0B7730277}
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer@ Yahoo! Webcam Viewer
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CLSID
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CLSID@ {9D39223E-AE8E-11D4-8FD3-00D0B7730277}
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CurVer
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CurVer@ YWcVwr.WcViewer.1
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1@ Yahoo! Webcam Viewer
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1\CLSID
Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1\CLSID@ {9D39223E-AE8E-11D4-8FD3-00D0B7730277}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
Hope that it is not the mess I think it is.
Been trying for years to get yahoo off my comp
judging by the entries that remain I wasn't very successful.
again thank you very much for your time
  • 0

#10
myrti

  • Expert
  • 2,580 posts
Hi,

There's something a bit odd, even though there's no direct indication of malware. Try this please. You will need a USB drive.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the Linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.
  • 0


#11
archie10

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Houston we have a problem?
Boots fine from usb drive. (Hewlett Packard Athlon processor)(escape key brings up boot menu)
But I get a splash screen that counts down from 10,
then it inputs a bunch of dots then adds extras,
more dots then checks a bunch of stuff,
then gets to the bottom and says I give up.
Something about not being able to find a device and a server.
Then goes to a command prompt. (sorry charlie I won't work (lol))
No desktop, no options.
So just for laughs I inputted the code (dd if=/dev/sda of=MBRbackup.zip bs=512 count=1)
and then it really got confused, threw up about 30 more options. (a real head scratcher)
Um not to completely sound like mister potato head,
but I guess I am not too well versed in Linux (lol), nor command line use.
I can do it from a shell but no shell = mass confusion for me.
Is there a plan b?
  • 0

#12
myrti

  • Expert
  • 2,580 posts
Hi,

If you have a quick connection, we could try and use Ubuntu instead. The issue here is likely that the small package of drivers xpud comes with does not support your hardware. Ubuntu has a much wider range of drivers by default.
You can find a guide on how to create an Ubuntu flash drive here: http://www.pendrivel...-using-windows/

The download is roughly 700Mb. If that's too much, let me know and we'll try it a different way.

regards myrti
  • 0

#13
archie10

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Okay that one works, boots nicely
from my 32 gig pen drive.
um now what do I do??
  • 0

#14
archie10

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
only thing i could find?????

Attached Files


  • 0

#15
myrti

  • Expert
  • 2,580 posts
Hi,

Press alt+f2 to open a window and type in terminal. In there use the command: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1
Once the command is done, type in nautilus . (the . is part of the command). This will open your file browser with the folder you're currently in. You should see MBRbackup.zip there. Copy it over onto your flash drive and attach it here.
  • 0
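What the 512-byte file written by the dd command above contains, as an added example that is not part of the original thread: a Python parser for a classic MBR sector that checks the 0x55AA signature, lists the partition entries and hashes the boot code so it can be compared with a known-good MBR. The function names and the sample sector are constructed for illustration; pass the dd output file as the first argument to inspect a real dump.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512  # same size as bs=512 count=1 in the dd command

def parse_mbr(sector: bytes) -> dict:
    """Split a classic (non-GPT) MBR sector into boot code, table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        # Hash of the 440-byte boot code, for comparison with a known-good MBR.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
    }

def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code and one active type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:440] = b"\x90" * 440
    struct.pack_into("<I", sector, 440, 0x12345678)
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                                  0x07, b"\xfe\xff\xff", 63, 1000000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # Pass the dd output file as the first argument; defaults to the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for key, value in parse_mbr(raw).items():
        print(f"{key}: {value}")
```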





