
[Resolved] Computer Infected Please Help...


  • This topic is locked
118 replies to this topic

#106 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 02 November 2009 - 11:29 AM

Hi,

Please do the following:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015



#107 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 02 November 2009 - 07:24 PM

Hi,

I'd like to take another approach as well.

Please do the following scan:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.



#108 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • 215 posts

Posted 02 November 2009 - 07:25 PM

Here is Kaspersky online Scan...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 22:52:39
Records in database: 3115681
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 217521
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:19:40

File name / Threat / Threats count
C:\WINDOWSTEYQ.006 Infected: not-a-virus:Monitor.Win32.Ardamax.271 1

Selected area has been scanned.

#109 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • 215 posts

Posted 02 November 2009 - 07:45 PM

Here is OTL...

OTL.Txt

OTL logfile created on: 11/2/2009 8:38:39 PM - Run 1
OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Viper1\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 65.71 Gb Free Space | 47.45% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 335.25 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSE-7166B2798B
Current User Name: Viper1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Viper1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomApp\Razer Barracuda AC-1 Gaming Audio card.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Windows\System32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Users\Viper1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
SRV - (HP Port Resolver) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (HP Status Server) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (epfwwfp) epfwwfp [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) epfw [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (ehdrv) ehdrv [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) eamon [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (DefragFS) DefragFS [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MegaSR) MegaSR [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) adpu320 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) megasas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) adpahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) adpu160m [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) arcsas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) vsmraid [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) arc [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) elxstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) adp94xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) uliahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) nvstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) viaide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) cmdide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) aliide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) Intel RAID Controller [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Entech.sys (EnTech Taiwan)
DRV - (RxFilter) RxFilter [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (LachesisFltr) Lachesis Mouse Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (PxHelp20) PxHelp20 [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (cmudaxp) Razer Barracuda AC-1 Gaming Interface [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys (Razer)
DRV - (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) UlSata [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) iirsp [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) aic78xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (secdrv) Security Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AsIO) AsIO [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ubumapi) Unibrain 1394 FireAPI Driver [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\UBUMAPI.sys (Unibrain S.A.)
DRV - (ubsbm) Unibrain 1394 SBM Driver [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\UBSBM.sys (Unibrain S.A.)
DRV - (MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/12 12:07:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 16:57:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/07/13 18:20:09 | 00,000,000 | ---D | M]

[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions
[2008/07/23 11:31:08 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/01 20:40:28 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions
[2009/07/13 17:21:25 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 17:14:30 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/09/15 15:33:41 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/09/15 15:14:05 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\nasanightlaunch@example.com
[2009/11/01 20:40:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 09:27:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/12 12:07:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/31 09:27:32 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 09:27:32 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/31 09:27:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/02 20:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/05 19:04:15 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/05 19:04:15 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/05 19:04:15 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/05 19:04:15 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/05 19:04:15 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 19:04:15 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/05 19:04:15 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1214964226984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/02 20:34:32 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTL.exe
[2009/11/01 14:49:05 | 00,000,000 | ---D | C] -- C:\Users\Viper1\DoctorWeb
[2009/11/01 14:29:59 | 20,395,304 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Viper1\Desktop\drweb-cureit.exe
[2009/10/31 09:30:36 | 00,095,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Viper1\Desktop\junction.exe
[2009/10/28 19:43:35 | 02,224,128 | ---- | C] (Smallfrogs Studio) -- C:\Users\Viper1\Desktop\SREngLdr.EXE
[2009/10/28 19:43:35 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\Upload
[2009/10/27 19:58:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Viper1\Desktop\mbam-setup.exe
[2009/10/26 17:39:46 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\SysProt
[2009/10/25 11:38:31 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/25 10:58:47 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTS.exe
[2009/10/23 20:51:41 | 00,472,064 | ---- | C] ( ) -- C:\Users\Viper1\Desktop\RootRepeal.exe
[2009/10/22 19:09:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/22 19:09:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/22 19:09:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/22 19:09:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/22 19:09:16 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/22 19:07:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/21 21:59:36 | 00,000,000 | ---D | C] -- C:\Users\Viper1\AppData\Local\Adobe
[2009/10/21 21:59:11 | 00,000,000 | ---D | C] -- C:\Users\Viper1\AppData\Local\Apple Computer
[2009/10/19 17:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/19 17:45:21 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Viper1\Desktop\HJTInstall.exe
[2009/10/18 22:38:12 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/10/15 20:48:05 | 00,000,000 | ---D | C] -- C:\Users\Viper1\SiteGrinderData
[2009/10/14 21:14:23 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\Sitegrinder 2.1.1
[2009/10/14 19:03:01 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\PhotoshopUserEbookMagazine
[2009/10/13 19:56:45 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\Downloads
[2009/10/13 19:47:02 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Office Genuine Advantage
[2009/10/13 19:21:13 | 00,021,099 | ---- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll
[2009/10/13 18:51:52 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/13 18:51:39 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/13 18:51:39 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/13 18:51:38 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/13 18:51:35 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/13 18:51:34 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/13 18:51:33 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/13 18:51:33 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/13 18:51:23 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/13 18:51:22 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/13 18:51:17 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/13 18:51:16 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/13 18:51:15 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/12 20:08:34 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Documents\Cucusoft Backup
[2009/10/12 19:27:30 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/10/12 19:27:30 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/10/12 19:26:55 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/12 19:26:54 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/12 19:26:54 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/12 19:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/12 18:58:39 | 00,000,000 | ---D | C] -- C:\ProgramData\iPodtoComputer
[2009/10/12 18:58:39 | 00,000,000 | ---D | C] -- C:\ProgramData\iPodtoComputer
[2009/10/12 18:58:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2009/10/12 18:58:27 | 00,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX
[2009/10/04 14:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2008/07/01 21:37:03 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Viper1\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2009/11/02 20:37:32 | 02,097,152 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT
[2009/11/02 20:35:49 | 00,002,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 20:35:49 | 00,002,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 20:34:33 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTL.exe
[2009/11/02 18:42:06 | 00,748,480 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/02 18:42:06 | 00,634,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/02 18:42:06 | 00,117,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/02 18:36:19 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/02 18:36:19 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/02 18:36:18 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/02 18:36:18 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/02 18:35:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/02 18:35:45 | 34,887,06560 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/02 05:52:13 | 22,790,6085 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/01 22:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 22:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2009/11/01 21:33:25 | 03,557,646 | -H-- | M] () -- C:\Users\Viper1\AppData\Local\IconCache.db
[2009/11/01 14:30:01 | 20,395,304 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Viper1\Desktop\drweb-cureit.exe
[2009/11/01 10:23:00 | 01,876,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/31 19:01:59 | 00,111,128 | ---- | M] () -- C:\Users\Viper1\Desktop\fix.exe
[2009/10/31 09:33:42 | 00,000,065 | ---- | M] () -- C:\Users\Viper1\Desktop\junction.bat
[2009/10/31 09:30:06 | 00,046,375 | ---- | M] () -- C:\Users\Viper1\Desktop\Junction.zip
[2009/10/29 18:48:13 | 00,523,776 | ---- | M] () -- C:\Users\Viper1\Desktop\dds.scr
[2009/10/28 19:42:52 | 00,868,323 | ---- | M] () -- C:\Users\Viper1\Desktop\sreng2.zip
[2009/10/27 20:04:21 | 00,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 19:58:59 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Viper1\Desktop\mbam-setup.exe
[2009/10/26 17:39:17 | 00,354,396 | ---- | M] () -- C:\Users\Viper1\Desktop\SysProt.zip
[2009/10/26 17:10:04 | 00,037,189 | ---- | M] () -- C:\Users\Viper1\Desktop\Gmer.rar
[2009/10/25 19:26:28 | 00,282,833 | ---- | M] () -- C:\Users\Viper1\Desktop\gmer.zip
[2009/10/25 12:52:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/25 12:52:12 | 00,000,099 | ---- | M] () -- C:\Users\Viper1\Desktop\fix.reg
[2009/10/25 10:58:47 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTS.exe
[2009/10/25 10:39:45 | 00,374,584 | ---- | M] () -- C:\Users\Viper1\Desktop\exe_fix.com
[2009/10/25 05:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 21:16:13 | 00,000,272 | ---- | M] () -- C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/10/24 20:14:04 | 00,047,104 | ---- | M] () -- C:\Users\Viper1\Desktop\Win32kDiag.exe
[2009/10/24 20:13:30 | 00,288,256 | ---- | M] () -- C:\Users\Viper1\Desktop\exeHelper.com
[2009/10/24 20:13:16 | 00,085,504 | ---- | M] () -- C:\Users\Viper1\Desktop\Inherit.exe
[2009/10/23 21:26:14 | 00,001,778 | ---- | M] () -- C:\Users\Viper1\Desktop\HijackThis.lnk
[2009/10/23 20:51:47 | 00,000,000 | ---- | M] () -- C:\Users\Viper1\Desktop\settings.dat
[2009/10/23 20:48:46 | 00,465,298 | ---- | M] () -- C:\Users\Viper1\Desktop\RootRepeal.rar
[2009/10/22 17:33:27 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/10/21 17:59:08 | 00,001,356 | ---- | M] () -- C:\Users\Viper1\AppData\Local\d3d9caps.dat
[2009/10/19 17:42:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Viper1\Desktop\HJTInstall.exe
[2009/10/16 17:46:51 | 02,292,537 | ---- | M] () -- C:\Users\Viper1\Desktop\SiteGrinder-2-ZeroToHeroGuide.pdf
[2009/10/16 17:41:50 | 00,006,498 | ---- | M] () -- C:\Users\Viper1\Documents\cc_20091016_184142.reg
[2009/10/16 17:36:19 | 17,697,271 | ---- | M] () -- C:\Users\Viper1\Desktop\SiteGrinder_214_Win.zip
[2009/10/16 12:22:44 | 00,291,328 | ---- | M] () -- C:\Users\Viper1\Desktop\gmer.exe
[2009/10/14 21:07:58 | 26,052,898 | ---- | M] () -- C:\Users\Viper1\Desktop\grinder_website.rar
[2009/10/14 18:14:00 | 00,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/04 11:50:23 | 00,039,298 | ---- | M] () -- C:\Users\Viper1\Documents\cc_20091004_124944.reg

========== Files Created - No Company Name ==========

[2009/11/02 05:52:14 | 34,887,06560 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/01 18:09:01 | 22,790,6085 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/31 19:01:36 | 00,111,128 | ---- | C] () -- C:\Users\Viper1\Desktop\fix.exe
[2009/10/31 09:33:42 | 00,000,065 | ---- | C] () -- C:\Users\Viper1\Desktop\junction.bat
[2009/10/31 09:30:06 | 00,046,375 | ---- | C] () -- C:\Users\Viper1\Desktop\Junction.zip
[2009/10/29 18:48:06 | 00,523,776 | ---- | C] () -- C:\Users\Viper1\Desktop\dds.scr
[2009/10/28 23:07:14 | 03,557,646 | -H-- | C] () -- C:\Users\Viper1\AppData\Local\IconCache.db
[2009/10/28 19:43:35 | 00,035,952 | ---- | C] () -- C:\Users\Viper1\Desktop\releasenotes_cht.htm
[2009/10/28 19:43:35 | 00,032,326 | ---- | C] () -- C:\Users\Viper1\Desktop\releasenotes_chs.htm
[2009/10/28 19:42:51 | 00,868,323 | ---- | C] () -- C:\Users\Viper1\Desktop\sreng2.zip
[2009/10/27 20:04:21 | 00,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 19:28:49 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/10/26 17:39:17 | 00,354,396 | ---- | C] () -- C:\Users\Viper1\Desktop\SysProt.zip
[2009/10/26 17:10:03 | 00,037,189 | ---- | C] () -- C:\Users\Viper1\Desktop\Gmer.rar
[2009/10/25 19:27:44 | 00,291,328 | ---- | C] () -- C:\Users\Viper1\Desktop\gmer.exe
[2009/10/25 19:26:28 | 00,282,833 | ---- | C] () -- C:\Users\Viper1\Desktop\gmer.zip
[2009/10/25 12:52:12 | 00,000,099 | ---- | C] () -- C:\Users\Viper1\Desktop\fix.reg
[2009/10/25 10:39:44 | 00,374,584 | ---- | C] () -- C:\Users\Viper1\Desktop\exe_fix.com
[2009/10/24 20:16:35 | 00,047,104 | ---- | C] () -- C:\Users\Viper1\Desktop\Win32kDiag.exe
[2009/10/24 20:16:27 | 00,288,256 | ---- | C] () -- C:\Users\Viper1\Desktop\exeHelper.com
[2009/10/24 20:16:11 | 00,085,504 | ---- | C] () -- C:\Users\Viper1\Desktop\Inherit.exe
[2009/10/23 21:24:44 | 00,001,778 | ---- | C] () -- C:\Users\Viper1\Desktop\HijackThis.lnk
[2009/10/23 20:51:47 | 00,000,000 | ---- | C] () -- C:\Users\Viper1\Desktop\settings.dat
[2009/10/23 20:51:20 | 00,465,298 | ---- | C] () -- C:\Users\Viper1\Desktop\RootRepeal.rar
[2009/10/22 19:09:19 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/22 19:09:19 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/22 19:09:19 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/22 19:09:19 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/16 17:46:51 | 02,292,537 | ---- | C] () -- C:\Users\Viper1\Desktop\SiteGrinder-2-ZeroToHeroGuide.pdf
[2009/10/16 17:41:46 | 00,006,498 | ---- | C] () -- C:\Users\Viper1\Documents\cc_20091016_184142.reg
[2009/10/16 17:35:27 | 17,697,271 | ---- | C] () -- C:\Users\Viper1\Desktop\SiteGrinder_214_Win.zip
[2009/10/14 21:46:32 | 00,000,051 | -HS- | C] () -- C:\Users\Viper1\AppData\Local\desktop.ini
[2009/10/14 21:04:44 | 26,052,898 | ---- | C] () -- C:\Users\Viper1\Desktop\grinder_website.rar
[2009/10/12 18:58:28 | 00,094,854 | ---- | C] () -- C:\Windows\System32\HKCU_GNU.reg
[2009/10/12 18:58:28 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/12 18:58:28 | 00,014,909 | ---- | C] () -- C:\Windows\System32\A_reg.reg
[2009/10/12 18:58:28 | 00,006,144 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2009/10/12 18:58:28 | 00,002,004 | ---- | C] () -- C:\Windows\System32\HKLM_GNU.reg
[2009/10/12 18:58:28 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/04 11:50:16 | 00,039,298 | ---- | C] () -- C:\Users\Viper1\Documents\cc_20091004_124944.reg
[2009/09/12 18:40:16 | 00,034,333 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009/09/12 18:40:16 | 00,001,093 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2009/09/12 18:40:16 | 00,000,720 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2009/09/12 18:40:16 | 00,000,322 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/12 20:12:02 | 00,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/12 20:12:01 | 00,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/12 17:07:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 15:47:23 | 00,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrvp.dll
[2009/07/12 15:47:09 | 00,005,810 | R--- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/12 12:37:09 | 00,000,552 | ---- | C] () -- C:\Users\Viper1\AppData\Local\d3d8caps.dat
[2009/07/12 12:30:36 | 00,176,112 | ---- | C] () -- C:\Users\Viper1\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/12 12:30:23 | 00,005,632 | ---- | C] () -- C:\Users\Viper1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 12:29:24 | 00,001,356 | ---- | C] () -- C:\Users\Viper1\AppData\Local\d3d9caps.dat
[2009/07/05 14:03:42 | 00,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/06/10 05:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/04/14 13:17:32 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/04/03 13:10:04 | 07,262,208 | ---- | C] () -- C:\Windows\System32\tliadjust32.dll
[2008/12/11 20:21:25 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/02 18:40:57 | 00,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2008/07/02 18:40:56 | 00,065,536 | R--- | C] () -- C:\Windows\VMix.dll
[2008/07/01 22:18:05 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/01 21:47:36 | 00,000,060 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\Printer.ini
[2008/07/01 21:37:08 | 00,000,034 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.log
[2008/07/01 21:37:03 | 00,087,608 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\inst.exe
[2008/07/01 21:37:03 | 00,007,887 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.cat
[2008/07/01 21:37:03 | 00,001,144 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.inf
[2008/07/01 21:21:08 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/06/30 22:19:38 | 00,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008/06/30 22:19:38 | 00,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/06/30 22:03:39 | 00,032,521 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/06/30 21:36:59 | 00,032,139 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/30 21:36:54 | 00,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/06/10 19:07:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/21 05:22:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/27 07:00:00 | 00,000,637 | ---- | C] () -- C:\Windows\win.ini
[2007/07/27 07:00:00 | 00,000,227 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:50:56 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:40 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:40 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:40 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:40 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] () -- C:\Windows\Fonts\RandFont.dll
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/05 20:57:46 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\CopyToDvd
[2009/07/12 12:17:53 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\ESET
[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\ICQ
[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Leadertech
[2009/07/12 19:58:07 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\nView_Wallpaper
[2009/07/12 12:36:59 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\SystemRequirementsLab
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\TeamViewer
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\TMP
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Uniblue
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Vso
[2006/02/28 07:00:00 | 00,000,065 | RH-- | M] () -- C:\Windows\Tasks\desktop.ini
[2009/10/25 12:52:40 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2008/01/20 21:58:23 | 00,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/24 21:16:13 | 00,000,272 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/07/01 21:16:52 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:25:18 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:24:31 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\$WINDOWS.~Q\DATA\WINDOWS\OemDir\iaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\$WINDOWS.~Q\DATA\WINDOWS\system32\drivers\iaStor.sys
[2007/03/21 11:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\$WINDOWS.~Q\DATA\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\iaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/29 22:03:32 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_a0b974ec\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008/01/20 21:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 21:23:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/20 21:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 21:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< >
< End of report >

#110 Joecastle


Posted 02 November 2009 - 07:47 PM

OTL Extras.Txt

OTL Extras logfile created on: 11/2/2009 8:38:39 PM - Run 1
OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Viper1\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 65.71 Gb Free Space | 47.45% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 335.25 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSE-7166B2798B
Current User Name: Viper1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\DFX2BETA.EXE" = C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\DFX2BETA.EXE:*:Enabled:Delta Force Xtreme 2 BETA -- File not found
"C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\UPDATE.EXE" = C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\UPDATE.EXE:*:Enabled:Delta Force Xtreme 2 BETA -- File not found
"C:\Program Files\NovaLogic\Delta Force Xtreme 2\dfx2.exe" = C:\Program Files\NovaLogic\Delta Force Xtreme 2\dfx2.exe:*:Enabled:Delta Force Xtreme 2 -- (NovaLogic)
"C:\Program Files\NovaLogic\Delta Force Xtreme 2\UPDATE.EXE" = C:\Program Files\NovaLogic\Delta Force Xtreme 2\UPDATE.EXE:*:Enabled:Delta Force Xtreme 2 -- (NovaLogic)
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2263862A-4FF1-4F34-B6E7-3FC10C271C91}" = lport=138 | protocol=17 | dir=in | app=system |
"{364634D6-F481-4699-8894-0B927534B7E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4358A0E6-E9CE-4777-A62D-F4F19127EA06}" = lport=137 | protocol=17 | dir=in | app=system |
"{4933C669-727A-4630-837A-EC2FCDEBD6CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D73C71D-B3E7-439A-8043-43A13AE94504}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F014E5A-37E0-4EE0-8E7C-E1C188B2BDBF}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F2A93DE-EFDD-4B6F-A553-B7D51F9DC730}" = rport=138 | protocol=17 | dir=out | app=system |
"{6AF841E6-A947-47DE-9018-1D13A61FF5A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{9B2AF888-3CCB-42A8-9D08-C62C4A7692E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{FAFE25CA-8C5E-4486-B9EF-95C462E4CCEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A96B5A-80B7-4F39-A85F-F6EF3835B5F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F29CB74-EFEE-4832-9BBB-8057F01E489A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{226336B3-1669-4C3A-8325-ADE7BE57B4B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{271CF702-77F7-421A-B6AB-5B561EDCC1CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65A5B193-4300-4943-8A8A-B1404791E65B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{67AB178A-CB22-403A-B806-160D11AB41F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{96BA1842-E1C1-453B-AAAA-38F894105B29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9785F706-CF42-4042-8F00-5C07FDF47D11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA00771E-DCEA-4138-96BC-718E2B1A366D}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{D179ACE2-7427-4F56-9B1F-A27DBFAC839F}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{DBEE20B8-8477-4B7A-B57A-C9268D55093C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193C41B9-1A0F-45E6-8546-41C91C99A5F8}" = Delta Force Xtreme 2
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1CBBDFD4-E235-4008-842E-7DC2D8A4911B}" = Joint Operations: Escalation
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C36BC4-87F2-4CF5-B160-BB54C007B4D7}" = WolfRAT 0.95
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{866FEF35-C429-4131-86FE-8B11F067485F}" = WinZip Corporate
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.7 Professional
"Adobe Acrobat 8 Professional_817" = Adobe Acrobat 8.1.7 - CPSID_50029
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CCleaner" = CCleaner (remove only)
"C-Media Oxygen HD Sound" = Razer Barracuda AC-1 Gaming Audio Card
"Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1" = iPhone/iTouch/iPod to Computer Transfer 5.8.1
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"JO:IC" = Joint Operations: International Conflict Mod
"JO:ICE" = Joint Operations: International Conflict Europe Mod
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OTF Map Cycle Tool" = OTF Map Cycle Tool
"Razer Barracuda AC-1 Soundcard" = Razer Barracuda AC-1 Gaming Audio Card
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SGMod-1.5" = SGMod-1.5
"ShocknAwe-JointOps" = ShocknAwe-JointOps
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"VSO PhotoDVD_is1" = PhotoDVD 2.9.6.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

#111 CatByte

Posted 02 November 2009 - 08:16 PM

Hi,

Please do the following:

Download LockSearch to your desktop
  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop.
  • Post the contents of the log in your reply



NEXT


Run another scan with OTL
Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
Under the Custom Scan box, paste this in:


C:\windows\system32\drivers\*.sys /md5


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them.

The OTL.Txt will probably be very large. You may have to zip it up and attach it.

If it is too big to attach here, upload it to Media Fire and post the sharing link:

http://www.mediafire.com

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#112 Joecastle

Posted 02 November 2009 - 08:27 PM

Here is LockSearch

LockSearch by jpshortstuff (01.11.09.1)
Log created at 21:22 on 02/11/2009 (Viper1)
Scanning C:\

No locked files found.

-=E.O.F=-

OTL

OTL logfile created on: 11/2/2009 9:25:00 PM - Run 2
OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Viper1\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 65.72 Gb Free Space | 47.45% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 335.25 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSE-7166B2798B
Current User Name: Viper1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Viper1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomApp\Razer Barracuda AC-1 Gaming Audio card.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Windows\System32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Users\Viper1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
SRV - (HP Port Resolver) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (HP Status Server) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/12 12:07:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 16:57:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/07/13 18:20:09 | 00,000,000 | ---D | M]

[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions
[2008/07/23 11:31:08 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/02 20:55:02 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions
[2009/07/13 17:21:25 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 17:14:30 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/09/15 15:33:41 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/09/15 15:14:05 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\nasanightlaunch@example.com
[2009/11/02 20:55:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 09:27:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/12 12:07:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/31 09:27:32 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 09:27:32 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/31 09:27:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/02 20:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/05 19:04:15 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/05 19:04:15 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/05 19:04:15 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/05 19:04:15 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/05 19:04:15 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 19:04:15 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/05 19:04:15 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1214964226984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/02 20:34:32 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTL.exe
[2009/11/01 14:49:05 | 00,000,000 | ---D | C] -- C:\Users\Viper1\DoctorWeb
[2009/11/01 14:29:59 | 20,395,304 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Viper1\Desktop\drweb-cureit.exe
[2009/10/31 09:30:36 | 00,095,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Viper1\Desktop\junction.exe
[2009/10/28 19:43:35 | 02,224,128 | ---- | C] (Smallfrogs Studio) -- C:\Users\Viper1\Desktop\SREngLdr.EXE
[2009/10/28 19:43:35 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\Upload
[2009/10/27 19:58:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Viper1\Desktop\mbam-setup.exe
[2009/10/26 17:39:46 | 00,000,000 | ---D | C] -- C:\Users\Viper1\Desktop\SysProt
[2009/10/25 11:38:31 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/25 10:58:47 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTS.exe
[2009/10/23 20:51:41 | 00,472,064 | ---- | C] ( ) -- C:\Users\Viper1\Desktop\RootRepeal.exe
[2009/10/22 19:09:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/22 19:09:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/22 19:09:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/22 19:09:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/22 19:09:16 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/22 19:07:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/21 21:59:36 | 00,000,000 | ---D | C] -- C:\Users\Viper1\AppData\Local\Adobe
[2009/10/21 21:59:11 | 00,000,000 | ---D | C] -- C:\Users\Viper1\AppData\Local\Apple Computer
[2008/07/01 21:37:03 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Viper1\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 14 Days ==========

[2009/11/02 21:23:12 | 02,097,152 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT
[2009/11/02 21:19:14 | 00,032,653 | ---- | M] () -- C:\Users\Viper1\Desktop\LockSearch.exe
[2009/11/02 20:35:49 | 00,002,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 20:35:49 | 00,002,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 20:34:33 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTL.exe
[2009/11/02 18:42:06 | 00,748,480 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/02 18:42:06 | 00,634,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/02 18:42:06 | 00,117,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/02 18:36:19 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/02 18:36:19 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/02 18:36:18 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/02 18:36:18 | 00,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/02 18:35:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/02 18:35:45 | 34,887,06560 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/02 05:52:13 | 22,790,6085 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/01 22:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 22:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\Viper1\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2009/11/01 21:33:25 | 03,557,646 | -H-- | M] () -- C:\Users\Viper1\AppData\Local\IconCache.db
[2009/11/01 14:30:01 | 20,395,304 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Viper1\Desktop\drweb-cureit.exe
[2009/11/01 10:23:00 | 01,876,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/31 19:01:59 | 00,111,128 | ---- | M] () -- C:\Users\Viper1\Desktop\fix.exe
[2009/10/31 09:33:42 | 00,000,065 | ---- | M] () -- C:\Users\Viper1\Desktop\junction.bat
[2009/10/31 09:30:06 | 00,046,375 | ---- | M] () -- C:\Users\Viper1\Desktop\Junction.zip
[2009/10/29 18:48:13 | 00,523,776 | ---- | M] () -- C:\Users\Viper1\Desktop\dds.scr
[2009/10/28 19:42:52 | 00,868,323 | ---- | M] () -- C:\Users\Viper1\Desktop\sreng2.zip
[2009/10/27 20:04:21 | 00,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 19:58:59 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Viper1\Desktop\mbam-setup.exe
[2009/10/26 17:39:17 | 00,354,396 | ---- | M] () -- C:\Users\Viper1\Desktop\SysProt.zip
[2009/10/26 17:10:04 | 00,037,189 | ---- | M] () -- C:\Users\Viper1\Desktop\Gmer.rar
[2009/10/25 19:26:28 | 00,282,833 | ---- | M] () -- C:\Users\Viper1\Desktop\gmer.zip
[2009/10/25 12:52:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/25 12:52:12 | 00,000,099 | ---- | M] () -- C:\Users\Viper1\Desktop\fix.reg
[2009/10/25 10:58:47 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Viper1\Desktop\OTS.exe
[2009/10/25 10:39:45 | 00,374,584 | ---- | M] () -- C:\Users\Viper1\Desktop\exe_fix.com
[2009/10/25 05:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/24 21:16:13 | 00,000,272 | ---- | M] () -- C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/10/24 20:14:04 | 00,047,104 | ---- | M] () -- C:\Users\Viper1\Desktop\Win32kDiag.exe
[2009/10/24 20:13:30 | 00,288,256 | ---- | M] () -- C:\Users\Viper1\Desktop\exeHelper.com
[2009/10/24 20:13:16 | 00,085,504 | ---- | M] () -- C:\Users\Viper1\Desktop\Inherit.exe
[2009/10/23 21:26:14 | 00,001,778 | ---- | M] () -- C:\Users\Viper1\Desktop\HijackThis.lnk
[2009/10/23 20:51:47 | 00,000,000 | ---- | M] () -- C:\Users\Viper1\Desktop\settings.dat
[2009/10/23 20:48:46 | 00,465,298 | ---- | M] () -- C:\Users\Viper1\Desktop\RootRepeal.rar
[2009/10/21 17:59:08 | 00,001,356 | ---- | M] () -- C:\Users\Viper1\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2009/11/02 21:19:14 | 00,032,653 | ---- | C] () -- C:\Users\Viper1\Desktop\LockSearch.exe
[2009/11/02 05:52:14 | 34,887,06560 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/01 18:09:01 | 22,790,6085 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/31 19:01:36 | 00,111,128 | ---- | C] () -- C:\Users\Viper1\Desktop\fix.exe
[2009/10/31 09:33:42 | 00,000,065 | ---- | C] () -- C:\Users\Viper1\Desktop\junction.bat
[2009/10/31 09:30:06 | 00,046,375 | ---- | C] () -- C:\Users\Viper1\Desktop\Junction.zip
[2009/10/29 18:48:06 | 00,523,776 | ---- | C] () -- C:\Users\Viper1\Desktop\dds.scr
[2009/10/28 23:07:14 | 03,557,646 | -H-- | C] () -- C:\Users\Viper1\AppData\Local\IconCache.db
[2009/10/28 19:43:35 | 00,035,952 | ---- | C] () -- C:\Users\Viper1\Desktop\releasenotes_cht.htm
[2009/10/28 19:43:35 | 00,032,326 | ---- | C] () -- C:\Users\Viper1\Desktop\releasenotes_chs.htm
[2009/10/28 19:42:51 | 00,868,323 | ---- | C] () -- C:\Users\Viper1\Desktop\sreng2.zip
[2009/10/27 20:04:21 | 00,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 19:28:49 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/10/26 17:39:17 | 00,354,396 | ---- | C] () -- C:\Users\Viper1\Desktop\SysProt.zip
[2009/10/26 17:10:03 | 00,037,189 | ---- | C] () -- C:\Users\Viper1\Desktop\Gmer.rar
[2009/10/25 19:27:44 | 00,291,328 | ---- | C] () -- C:\Users\Viper1\Desktop\gmer.exe
[2009/10/25 19:26:28 | 00,282,833 | ---- | C] () -- C:\Users\Viper1\Desktop\gmer.zip
[2009/10/25 12:52:12 | 00,000,099 | ---- | C] () -- C:\Users\Viper1\Desktop\fix.reg
[2009/10/25 10:39:44 | 00,374,584 | ---- | C] () -- C:\Users\Viper1\Desktop\exe_fix.com
[2009/10/24 20:16:35 | 00,047,104 | ---- | C] () -- C:\Users\Viper1\Desktop\Win32kDiag.exe
[2009/10/24 20:16:27 | 00,288,256 | ---- | C] () -- C:\Users\Viper1\Desktop\exeHelper.com
[2009/10/24 20:16:11 | 00,085,504 | ---- | C] () -- C:\Users\Viper1\Desktop\Inherit.exe
[2009/10/23 21:24:44 | 00,001,778 | ---- | C] () -- C:\Users\Viper1\Desktop\HijackThis.lnk
[2009/10/23 20:51:47 | 00,000,000 | ---- | C] () -- C:\Users\Viper1\Desktop\settings.dat
[2009/10/23 20:51:20 | 00,465,298 | ---- | C] () -- C:\Users\Viper1\Desktop\RootRepeal.rar
[2009/10/22 19:09:19 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/22 19:09:19 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/22 19:09:19 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/22 19:09:19 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/14 21:46:32 | 00,000,051 | -HS- | C] () -- C:\Users\Viper1\AppData\Local\desktop.ini
[2009/10/12 18:58:28 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/12 18:58:28 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/09/12 18:40:16 | 00,034,333 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009/09/12 18:40:16 | 00,001,093 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2009/09/12 18:40:16 | 00,000,720 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2009/09/12 18:40:16 | 00,000,322 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/12 20:12:02 | 00,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/12 20:12:01 | 00,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/12 17:07:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 15:47:23 | 00,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrvp.dll
[2009/07/12 15:47:09 | 00,005,810 | R--- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/12 12:37:09 | 00,000,552 | ---- | C] () -- C:\Users\Viper1\AppData\Local\d3d8caps.dat
[2009/07/12 12:30:36 | 00,176,112 | ---- | C] () -- C:\Users\Viper1\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/12 12:30:23 | 00,005,632 | ---- | C] () -- C:\Users\Viper1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 12:29:24 | 00,001,356 | ---- | C] () -- C:\Users\Viper1\AppData\Local\d3d9caps.dat
[2009/07/05 14:03:42 | 00,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/06/10 05:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/04/14 13:17:32 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/04/03 13:10:04 | 07,262,208 | ---- | C] () -- C:\Windows\System32\tliadjust32.dll
[2008/12/11 20:21:25 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/02 18:40:57 | 00,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2008/07/02 18:40:56 | 00,065,536 | R--- | C] () -- C:\Windows\VMix.dll
[2008/07/01 22:18:05 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/01 21:47:36 | 00,000,060 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\Printer.ini
[2008/07/01 21:37:08 | 00,000,034 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.log
[2008/07/01 21:37:03 | 00,087,608 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\inst.exe
[2008/07/01 21:37:03 | 00,007,887 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.cat
[2008/07/01 21:37:03 | 00,001,144 | ---- | C] () -- C:\Users\Viper1\AppData\Roaming\pcouffin.inf
[2008/07/01 21:21:08 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/06/30 22:19:38 | 00,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008/06/30 22:19:38 | 00,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/06/30 22:03:39 | 00,032,521 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/06/30 21:36:59 | 00,032,139 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/30 21:36:54 | 00,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/06/10 19:07:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/21 05:22:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/27 07:00:00 | 00,000,637 | ---- | C] () -- C:\Windows\win.ini
[2007/07/27 07:00:00 | 00,000,227 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:50:56 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:40 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:40 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:40 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:40 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] () -- C:\Windows\Fonts\RandFont.dll
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2009/07/05 20:57:46 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\CopyToDvd
[2009/07/12 12:17:53 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\ESET
[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\ICQ
[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Leadertech
[2009/07/12 19:58:07 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\nView_Wallpaper
[2009/07/12 12:36:59 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\SystemRequirementsLab
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\TeamViewer
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\TMP
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Uniblue
[2009/07/12 12:17:55 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Vso
[2006/02/28 07:00:00 | 00,000,065 | RH-- | M] () -- C:\Windows\Tasks\desktop.ini
[2009/10/25 12:52:40 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2008/01/20 21:58:23 | 00,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/24 21:16:13 | 00,000,272 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/07/01 21:16:52 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\windows\system32\drivers\*.sys /md5 >
[2009/04/10 23:14:29 | 00,079,360 | ---- | M] (Microsoft Corporation) MD5=C70C50D101B92B45C42BA11EA9FE6CD1 -- C:\Windows\System32\drivers\mrxsmb20.sys
[2008/01/20 21:23:26 | 00,028,728 | ---- | M] (Microsoft Corporation) MD5=28023E86F17001F7CD9B15A5BC9AE07D -- C:\Windows\System32\drivers\msahci.sys
[2008/01/20 21:23:45 | 00,094,776 | ---- | M] (Microsoft Corporation) MD5=4468B0F385A86ECDDAF8D3CA662EC0E7 -- C:\Windows\System32\drivers\msdsm.sys
[2008/01/20 21:24:15 | 00,022,528 | ---- | M] (Microsoft Corporation) MD5=A9927F4A46B816C92F461ACB90CF8515 -- C:\Windows\System32\drivers\msfs.sys
[2008/01/20 21:23:26 | 00,016,440 | ---- | M] (Microsoft Corporation) MD5=0F400E306F385C56317357D6DEA56F62 -- C:\Windows\System32\drivers\msisadrv.sys
[2009/04/11 01:32:46 | 00,180,712 | ---- | M] (Microsoft Corporation) MD5=232FA340531D940AAC623B121A595034 -- C:\Windows\System32\drivers\msiscsi.sys
[2008/01/20 21:25:18 | 00,008,192 | ---- | M] (Microsoft Corporation) MD5=D8C63D34D9C9E56C059E24EC7185CC07 -- C:\Windows\System32\drivers\mskssrv.sys
[2008/01/20 21:25:18 | 00,005,888 | ---- | M] (Microsoft Corporation) MD5=1D373C90D62DDB641D50E55B9E78D65E -- C:\Windows\System32\drivers\mspclock.sys
[2008/01/20 21:25:18 | 00,005,504 | ---- | M] (Microsoft Corporation) MD5=B572DA05BF4E098D4BBA3A4734FB505B -- C:\Windows\System32\drivers\mspqm.sys
[2009/04/11 01:32:46 | 00,161,752 | ---- | M] (Microsoft Corporation) MD5=B49456D70555DE905C311BCDA6EC6ADB -- C:\Windows\System32\drivers\msrpc.sys
[2008/01/20 21:23:26 | 00,031,288 | ---- | M] (Microsoft Corporation) MD5=E384487CB84BE41D09711C30CA79646C -- C:\Windows\System32\drivers\mssmbios.sys
[2008/01/20 21:25:18 | 00,006,016 | ---- | M] (Microsoft Corporation) MD5=7199C1EEC1E4993CAF96B8C0A26BD58A -- C:\Windows\System32\drivers\mstee.sys
[2009/04/11 01:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) MD5=6A57B5733D4CB702C8EA4542E836B96C -- C:\Windows\System32\drivers\mup.sys
[2009/04/11 01:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2008/01/20 21:24:50 | 00,020,992 | ---- | M] (Microsoft Corporation) MD5=0E186E90404980569FB449BA7519AE61 -- C:\Windows\System32\drivers\ndistapi.sys
[2008/01/20 21:25:20 | 00,016,896 | ---- | M] (Microsoft Corporation) MD5=D6973AA34C4D5D76C0430B181C3CD389 -- C:\Windows\System32\drivers\ndisuio.sys
[2009/04/10 23:46:32 | 00,121,344 | ---- | M] (Microsoft Corporation) MD5=818F648618AE34F729FDB47EC68345C3 -- C:\Windows\System32\drivers\ndiswan.sys
[2008/01/20 21:24:50 | 00,049,664 | ---- | M] (Microsoft Corporation) MD5=71DAB552B41936358F3B541AE5997FB3 -- C:\Windows\System32\drivers\ndproxy.sys
[2008/01/20 21:24:46 | 00,035,840 | ---- | M] (Microsoft Corporation) MD5=BCD093A5A6777CF626434568DC7DBA78 -- C:\Windows\System32\drivers\netbios.sys
[2009/04/10 23:45:37 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 01:32:46 | 00,223,208 | ---- | M] (Microsoft Corporation) MD5=063EE4D3CB88A14EAB9901875CEE98B1 -- C:\Windows\System32\drivers\netio.sys
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) MD5=2E7FB731D4790A1BC6270ACCEFACB36E -- C:\Windows\System32\drivers\nfrd960.sys
[2009/04/10 23:14:01 | 00,035,328 | ---- | M] (Microsoft Corporation) MD5=D36F239D7CCE1931598E8FB90A0DBC26 -- C:\Windows\System32\drivers\npfs.sys
[2008/01/20 21:25:11 | 00,016,384 | ---- | M] (Microsoft Corporation) MD5=609773E344A97410CE4EBF74A8914FCF -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/04/11 01:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) MD5=E875C093AEC0C978A90F30C9E0DFBB72 -- C:\Windows\System32\drivers\ntrigdigi.sys
[2008/01/20 21:24:14 | 00,004,608 | ---- | M] (Microsoft Corporation) MD5=C5DBBCDA07D780BDA9B685DF333BB41E -- C:\Windows\System32\drivers\null.sys
[2009/06/10 05:03:00 | 09,899,296 | ---- | M] (NVIDIA Corporation) MD5=2913F72C5F4007CD2226E5D34E0AEECE -- C:\Windows\System32\drivers\nvlddmkm.sys
[2008/01/20 21:23:45 | 00,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:26 | 00,109,112 | ---- | M] (Microsoft Corporation) MD5=18BBDF913916B71BD54575BDB6EEAC0B -- C:\Windows\System32\drivers\NV_AGP.SYS
[2009/04/10 23:43:28 | 00,148,480 | ---- | M] (Microsoft Corporation) MD5=85C44FDFF9CF7E72A40DCB7EC06A4416 -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/10 23:43:04 | 00,062,208 | ---- | M] (Microsoft Corporation) MD5=6F310E890D46E246E0E261A63D9B36B4 -- C:\Windows\System32\drivers\ohci1394.sys
[2009/04/10 23:45:51 | 00,072,192 | ---- | M] (Microsoft Corporation) MD5=99514FAA8DF93D34B5589187DB3AA0BA -- C:\Windows\System32\drivers\pacer.sys
[2006/11/02 03:51:30 | 00,079,360 | ---- | M] (Microsoft Corporation) MD5=0FA9B5055484649D63C303FE404E5F4D -- C:\Windows\System32\drivers\parport.sys
[2009/04/11 01:32:31 | 00,054,248 | ---- | M] (Microsoft Corporation) MD5=57389FA59A36D96B3EB09D0CB91E9CDC -- C:\Windows\System32\drivers\partmgr.sys
[2006/11/02 03:51:23 | 00,008,704 | ---- | M] (Microsoft Corporation) MD5=4F9A6A8A31413180D0FCB279AD5D8112 -- C:\Windows\System32\drivers\parvdm.sys
[2009/04/11 01:32:55 | 00,149,480 | ---- | M] (Microsoft Corporation) MD5=941DC1D19E7E8620F40BBC206981EFDB -- C:\Windows\System32\drivers\pci.sys
[2001/11/19 18:05:18 | 00,003,972 | ---- | M] () MD5=D6829ACFA6315DB9A963D3EDE2BCBCFF -- C:\Windows\System32\drivers\PciBus.sys
[2009/04/11 01:32:49 | 00,014,312 | ---- | M] (Microsoft Corporation) MD5=1636D43F10416AEB483BC6001097B26C -- C:\Windows\System32\drivers\pciide.sys
[2009/04/11 01:32:52 | 00,043,496 | ---- | M] (Microsoft Corporation) MD5=6429D10C5D149AC9EB2D95052A390CFF -- C:\Windows\System32\drivers\pciidex.sys
[2006/11/02 04:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) MD5=E6F3FB1B86AA519E7698AD05E58B04E5 -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) MD5=6349F6ED9C623B44B52EA3C63C831A92 -- C:\Windows\System32\drivers\PEAuth.sys
[2009/04/10 23:42:50 | 00,167,936 | ---- | M] (Microsoft Corporation) MD5=218286724EC530FF252648369E05B090 -- C:\Windows\System32\drivers\portcls.sys
[2008/01/20 21:23:26 | 00,040,960 | ---- | M] (Microsoft Corporation) MD5=2027293619DD0F047C584CF2E7DF4FFD -- C:\Windows\System32\drivers\processr.sys
[2007/07/26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) MD5=49452BFCEC22F36A7A9B9C2181BC3042 -- C:\Windows\System32\drivers\pxhelp20.sys
[2008/01/20 21:23:49 | 01,122,360 | ---- | M] (QLogic Corporation) MD5=0A6DB55AFB7820C99AA1F3A1D270F4F6 -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) MD5=81A7E5C076E59995D54BC1ED3A16E60B -- C:\Windows\System32\drivers\ql40xx.sys
[2008/01/20 21:23:57 | 00,031,232 | ---- | M] (Microsoft Corporation) MD5=9F5E0E1926014D17486901C88ECA2DB7 -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/01/20 21:24:45 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/20 21:25:21 | 00,076,288 | ---- | M] (Microsoft Corporation) MD5=A214ADBAF4CB47DD2728859EF31F26B0 -- C:\Windows\System32\drivers\rasl2tp.sys
[2009/04/10 23:46:30 | 00,041,472 | ---- | M] (Microsoft Corporation) MD5=509A98DD18AF4375E1FC40BC175F1DEF -- C:\Windows\System32\drivers\raspppoe.sys
[2008/01/20 21:25:21 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=ECFFFAEC0C1ECD8DBC77F39070EA1DB1 -- C:\Windows\System32\drivers\raspptp.sys
[2009/04/10 23:46:40 | 00,069,120 | ---- | M] (Microsoft Corporation) MD5=2005F4A1E05FA09389AC85840F0A9E4D -- C:\Windows\System32\drivers\rassstp.sys
[2009/04/10 23:14:29 | 00,225,280 | ---- | M] (Microsoft Corporation) MD5=B14C9D5B9ADD2F84F70570BBBFAA7935 -- C:\Windows\System32\drivers\rdbss.sys
[2008/01/20 21:24:32 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=89E59BE9A564262A3FB6C4F4F1CD9899 -- C:\Windows\System32\drivers\RDPCDD.sys
[2009/04/10 23:52:34 | 00,248,320 | ---- | M] (Microsoft Corporation) MD5=943B18305EAE3935598A9B4A3D560B4C -- C:\Windows\System32\drivers\rdpdr.sys
[2008/01/20 21:25:17 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=9D91FE5286F748862ECFFA05F8A0710C -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/04/10 23:51:27 | 00,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\System32\drivers\rdpwd.sys
[2009/04/10 23:45:24 | 00,113,664 | ---- | M] (Microsoft Corporation) MD5=EEC7EE5675294B03E88AA868540007C1 -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/10 23:46:07 | 00,033,280 | ---- | M] (Microsoft Corporation) MD5=D9225D107E40D0FA5C5069446759C8E9 -- C:\Windows\System32\drivers\RNDISMP.sys
[2008/01/20 21:25:17 | 00,008,192 | ---- | M] (Microsoft Corporation) MD5=75E8A6BFA7374ABA833AE92BF41AE4E6 -- C:\Windows\System32\drivers\rootmdm.sys
[2008/01/20 21:25:02 | 00,060,416 | ---- | M] (Microsoft Corporation) MD5=9C508F4074A39E8B4B31D27198146FAD -- C:\Windows\System32\drivers\rspndr.sys
[2007/08/18 02:09:04 | 00,057,328 | ---- | M] (Sonic Solutions) MD5=80CAE340F37B52D1CB75FF74E6A087CD -- C:\Windows\System32\drivers\RxFilter.sys
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) MD5=3CE8F073A557E172B330109436984E30 -- C:\Windows\System32\drivers\sbp2port.sys
[2008/01/20 21:24:18 | 00,142,904 | ---- | M] (Microsoft Corporation) MD5=6F5CA34AE885645ACF8A20D564DB976C -- C:\Windows\System32\drivers\scsiport.sys
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\Windows\System32\drivers\secdrv.sys
[2006/11/02 03:51:25 | 00,017,920 | ---- | M] (Microsoft Corporation) MD5=68E44E331D46F0FB38F0863A84CD1A31 -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 03:51:30 | 00,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\drivers\serial.sys
[2008/01/20 21:23:44 | 00,019,968 | ---- | M] (Microsoft Corporation) MD5=8AF3D28A879BF75DB53A0EE7A4289624 -- C:\Windows\System32\drivers\sermouse.sys
[2008/01/20 21:23:47 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=3EFA810BDCA87F6ECC24F9832243FE86 -- C:\Windows\System32\drivers\sffdisk.sys
[2008/01/20 21:23:47 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=E95D451F7EA3E583AEC75F3B3EE42DC5 -- C:\Windows\System32\drivers\sffp_mmc.sys
[2008/01/20 21:23:47 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=3D0EA348784B7AC9EA9BD9F317980979 -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 03:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2008/01/20 21:23:26 | 00,055,864 | ---- | M] (Microsoft Corporation) MD5=1D76624A09A054F682D746B924E2DBC3 -- C:\Windows\System32\drivers\SISAGP.SYS
[2008/01/20 21:23:50 | 00,041,016 | ---- | M] (Microsoft Corporation) MD5=43CB7AA756C7DB280D01DA9B676CFDE2 -- C:\Windows\System32\drivers\sisraid2.sys
[2008/01/20 21:23:51 | 00,074,808 | ---- | M] (Silicon Integrated Systems) MD5=A99C6C8B0BAA970D8AA59DDC50B57F94 -- C:\Windows\System32\drivers\sisraid4.sys
[2009/04/10 23:45:22 | 00,066,560 | ---- | M] (Microsoft Corporation) MD5=7B75299A4D201D6A6533603D6914AB04 -- C:\Windows\System32\drivers\smb.sys
[2008/01/20 21:25:21 | 00,017,408 | ---- | M] (Microsoft Corporation) MD5=A7D7EA1771D2ED6F39A8063E79B6C3E8 -- C:\Windows\System32\drivers\smclib.sys
[2008/01/20 21:24:38 | 00,021,048 | ---- | M] (Microsoft Corporation) MD5=7AEBDEEF071FE28B0EEF2CDD69102BFF -- C:\Windows\System32\drivers\spldr.sys
[2009/04/10 21:52:40 | 00,684,032 | ---- | M] (Microsoft Corporation) MD5=A7F8BAD9590ADDC425B4003E94780DFA -- C:\Windows\System32\drivers\spsys.sys
[2009/04/10 23:15:20 | 00,288,768 | ---- | M] (Microsoft Corporation) MD5=BAA6018A27857B5FF0C03CE756B4A7A2 -- C:\Windows\System32\drivers\srv.sys
[2009/09/14 04:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) MD5=6B6F3658E0A58C6C50C5F7FBDF3DF633 -- C:\Windows\System32\drivers\srv2.sys
[2009/04/10 23:15:02 | 00,098,816 | ---- | M] (Microsoft Corporation) MD5=2D10DE9022822772ADAA120B15A9BD03 -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/11 01:32:54 | 00,122,344 | ---- | M] (Microsoft Corporation) MD5=47E55AFE1ED1D5AFF09690DB226F4A7A -- C:\Windows\System32\drivers\Storport.sys
[2009/04/10 23:42:47 | 00,052,992 | ---- | M] (Microsoft Corporation) MD5=70A92E46A2F459CDEDE3CA558CB26B6A -- C:\Windows\System32\drivers\stream.sys
[2008/01/20 21:23:26 | 00,015,288 | ---- | M] (Microsoft Corporation) MD5=7BA58ECF0C0A9A69D44B3DCA62BECF56 -- C:\Windows\System32\drivers\swenum.sys
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) MD5=192AA3AC01DF071B541094F251DEED10 -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) MD5=8C8EB8C76736EBAF3B13B633B2E64125 -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) MD5=8072AF52B5FD103BBBA387A1E49F62CB -- C:\Windows\System32\drivers\sym_u3.sys
[2008/01/20 21:25:08 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=1239FD18895040D97B7CDBC19BC2075E -- C:\Windows\System32\drivers\tape.sys
[2009/08/14 11:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\System32\drivers\tcpip.sys
[2009/08/14 08:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation) MD5=4B8F496292D40192ACB052E030C023A7 -- C:\Windows\System32\drivers\tcpipreg.sys
[2008/01/20 21:24:30 | 00,020,992 | ---- | M] (Microsoft Corporation) MD5=77937EFF009AC696B90E09F671F9D0A4 -- C:\Windows\System32\drivers\tdi.sys
[2008/01/20 21:24:34 | 00,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/20 21:24:34 | 00,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\System32\drivers\tdtcp.sys
[2009/04/10 23:45:56 | 00,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 01:32:52 | 00,053,224 | ---- | M] (Microsoft Corporation) MD5=3CAD38910468EAB9A6479E2F01DB43C7 -- C:\Windows\System32\drivers\termdd.sys
[2008/01/20 21:25:25 | 00,023,552 | ---- | M] (Microsoft Corporation) MD5=DCF0F056A2E4F52287264F5AB29CF206 -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/01/20 21:24:51 | 00,015,360 | ---- | M] (Microsoft Corporation) MD5=CAECC0120AC49E3D2F758B9169872D38 -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/01/20 21:24:51 | 00,023,040 | ---- | M] (Microsoft Corporation) MD5=119B8184E106BAEDC83FCE5DDF3950DA -- C:\Windows\System32\drivers\tunnel.sys
[2008/01/20 21:23:46 | 00,059,448 | ---- | M] (Microsoft Corporation) MD5=7D33C4DB2CE363C8518D2DFCF533941F -- C:\Windows\System32\drivers\UAGP35.SYS
[2005/07/27 16:25:28 | 00,086,784 | ---- | M] (Unibrain S.A.) MD5=EB3EC2A8895E1B642DDA1EF2AD39A45D -- C:\Windows\System32\drivers\UB1394.sys
[2005/07/27 16:25:28 | 00,077,056 | ---- | M] (Unibrain S.A.) MD5=9DD333FA5746C222BBB58AB704C78BA5 -- C:\Windows\System32\drivers\ubohci.sys
[2005/07/27 16:25:28 | 00,014,080 | ---- | M] (Unibrain S.A.) MD5=1BD61B9AC6756C58FD88FC74DCF1BD85 -- C:\Windows\System32\drivers\UBSBM.sys
[2005/07/27 16:25:28 | 00,036,352 | ---- | M] (Unibrain S.A.) MD5=64461004A7E6A59F222B45D74A164556 -- C:\Windows\System32\drivers\UBUMAPI.sys
[2009/04/10 23:13:59 | 00,226,816 | ---- | M] (Microsoft Corporation) MD5=D9728AF68C4C7693CB100B8441CBDEC6 -- C:\Windows\System32\drivers\udfs.sys
[2008/01/20 21:23:26 | 00,060,984 | ---- | M] (Microsoft Corporation) MD5=B0ACFDC9E4AF279E9116C03E014B2B27 -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2008/01/20 21:23:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) MD5=9224BB254F591DE4CA8D572A5F0D635C -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) MD5=8514D0E5CD0534467C5FC61BE94A569F -- C:\Windows\System32\drivers\ulsata.sys
[2008/01/20 21:23:47 | 00,115,816 | ---- | M] (Promise Technology, Inc.) MD5=38C3C6E62B157A6BC46594FADA45C62B -- C:\Windows\System32\drivers\ulsata2.sys
[2008/01/20 21:23:47 | 00,034,816 | ---- | M] (Microsoft Corporation) MD5=32CFF9F809AE9AED85464492BF3E32D2 -- C:\Windows\System32\drivers\umbus.sys
[2008/01/20 21:24:14 | 00,007,680 | ---- | M] (Microsoft Corporation) MD5=88BD96A1BAEED33EE8BDF9499C07A841 -- C:\Windows\System32\drivers\umpass.sys
[2009/04/10 23:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) MD5=830D5D8456B822C1247C1E59B4C464FA -- C:\Windows\System32\drivers\usb8023.sys
[2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) MD5=1DF89C499BF45D878B87EBD4421D462D -- C:\Windows\System32\drivers\usbaapl.sys
[2009/04/10 23:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) MD5=D06F193F3E9CC3B356DF97F6A43C054A -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/04/10 23:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) MD5=EAE017D3AA298374A1967B96C379C5AB -- C:\Windows\System32\drivers\USBCAMD2.sys
[2008/01/20 21:23:44 | 00,073,216 | ---- | M] (Microsoft Corporation) MD5=CAF811AE4C147FFCD5B51750C7F09142 -- C:\Windows\System32\drivers\usbccgp.sys
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) MD5=E9476E6C486E76BC4898074768FB7131 -- C:\Windows\System32\drivers\usbcir.sys
[2008/01/20 21:23:28 | 00,005,888 | ---- | M] (Microsoft Corporation) MD5=790FDAC6D0C762DF9047C3C625A6FF6C -- C:\Windows\System32\drivers\usbd.sys
[2009/04/10 23:42:52 | 00,039,936 | ---- | M] (Microsoft Corporation) MD5=79E96C23A97CE7B8F14D310DA2DB0C9B -- C:\Windows\System32\drivers\usbehci.sys
[2009/04/10 23:43:16 | 00,196,096 | ---- | M] (Microsoft Corporation) MD5=4673BBCB006AF60E7ABDDBE7A130BA42 -- C:\Windows\System32\drivers\usbhub.sys
[2006/11/02 03:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) MD5=38DBC7DD6CC5A72011F187425384388B -- C:\Windows\System32\drivers\usbohci.sys
[2009/04/10 23:42:57 | 00,226,304 | ---- | M] (Microsoft Corporation) MD5=A1C100A87D981AD0774FBC0B4B82E913 -- C:\Windows\System32\drivers\usbport.sys
[2008/01/20 21:23:47 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/20 21:23:52 | 00,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys
[2009/04/10 23:42:55 | 00,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/20 21:23:28 | 00,023,552 | ---- | M] (Microsoft Corporation) MD5=814D653EFC4D48BE3B04A307ECEFF56F -- C:\Windows\System32\drivers\usbuhci.sys
[2008/01/20 21:25:18 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=2E93AC0A1D8C79D019DB6C51F036636C -- C:\Windows\System32\drivers\vga.sys
[2008/01/20 21:23:28 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=87B06E1F30B749A114F74622D013F8D4 -- C:\Windows\System32\drivers\vgapnp.sys
[2008/01/20 21:23:26 | 00,056,888 | ---- | M] (Microsoft Corporation) MD5=5D7159DEF58A800D5781BA3A879627BC -- C:\Windows\System32\drivers\VIAAGP.SYS
[2008/01/20 21:23:26 | 00,041,472 | ---- | M] (Microsoft Corporation) MD5=C4F3A691B5BAD343E6249BD8C2D45DEE -- C:\Windows\System32\drivers\viac7.sys
[2008/01/20 21:23:26 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) MD5=AADF5587A4063F52C2C3FED7887426FC -- C:\Windows\System32\drivers\viaide.sys
[2008/01/20 21:24:09 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=C048D2C33D27441A0CDCAAE2651EB03D -- C:\Windows\System32\drivers\videoprt.sys
[2008/01/20 21:23:26 | 00,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\drivers\volmgr.sys
[2009/04/11 01:33:03 | 00,292,840 | ---- | M] (Microsoft Corporation) MD5=23E41B834759917BFD6B9A0D625D0C28 -- C:\Windows\System32\drivers\volmgrx.sys
[2009/04/11 01:32:55 | 00,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/20 21:23:48 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=587253E09325E6BF226B299774B728A9 -- C:\Windows\System32\drivers\vsmraid.sys
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) MD5=48DFEE8F1AF7C8235D4E626F0C4FE031 -- C:\Windows\System32\drivers\wacompen.sys
[2008/01/20 21:24:50 | 00,062,464 | ---- | M] (Microsoft Corporation) MD5=55201897378CCA7AF8B5EFD874374A26 -- C:\Windows\System32\drivers\wanarp.sys
[2009/04/10 23:22:46 | 00,033,280 | ---- | M] (Microsoft Corporation) MD5=4A5C31E2C1646034E6A60EBA4C747FF6 -- C:\Windows\System32\drivers\watchdog.sys
[2008/01/20 21:23:49 | 00,022,072 | ---- | M] (Microsoft Corporation) MD5=78FE9542363F297B18C027B2D7E7C07F -- C:\Windows\System32\drivers\wd.sys
[2008/01/20 21:24:15 | 00,503,864 | ---- | M] (Microsoft Corporation) MD5=B6F0A7AD6D4BD325FBCD8BAC96CD8D96 -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/01/20 21:24:15 | 00,035,896 | ---- | M] (Microsoft Corporation) MD5=B4FC6DD9167B058E6DBE6CB14ACFA2CB -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/01/20 21:23:26 | 00,011,264 | ---- | M] (Microsoft Corporation) MD5=2E7255D172DF0B8283CDFB7B433B864E -- C:\Windows\System32\drivers\wmiacpi.sys
[2008/01/20 21:24:09 | 00,017,976 | ---- | M] (Microsoft Corporation) MD5=C546864EED786304762D030FEBF6B411 -- C:\Windows\System32\drivers\wmilib.sys
[2006/10/18 19:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) MD5=CF4DEF1BF66F06964DC0D91844239104 -- C:\Windows\System32\drivers\wpdusb.sys
[2008/01/20 21:25:11 | 00,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/20 21:25:25 | 00,051,200 | ---- | M] (Microsoft Corporation) MD5=13B5F255E90624A5BA0441D39CFB6BE2 -- C:\Windows\System32\drivers\WUDFPf.sys
[2008/01/20 21:25:25 | 00,083,328 | ---- | M] (Microsoft Corporation) MD5=AC13CB789D93412106B0FB6C7EB2BCB6 -- C:\Windows\System32\drivers\WUDFRd.sys
[2006/11/02 02:30:56 | 00,194,048 | ---- | M] (Marvell) MD5=7D1F3B131D503EF43EE594B5A2B9B427 -- C:\Windows\System32\drivers\yk60x86.sys
< End of report >

#113 Joecastle

    Authentic Member

  • 215 posts

Posted 02 November 2009 - 08:30 PM

OTL did not provide an Extras.Txt...

#114 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 03 November 2009 - 06:10 PM

Hi,

Here's the issue. The fact that ComboFix still will not run leads me to believe there is still an underlying infection; however, nothing is showing up in the logs.



What issues are remaining? Are you still getting redirected?

Can you please describe in detail how your computer is behaving?


Sorry to keep asking for scans, but I want to be as thorough as I can be, to see if we can turn up the culprit.

Please do the following:


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


Make sure you reboot before continuing:


NEXT


I'd like you to run another custom scan with OTL

  • Close all windows and open it by double clicking on the icon
  • We are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • Under Custom Scan paste this in:
      %SYSTEMDRIVE%\dump_iaStorV.sys /s /md5
      %TEMP%\*.*
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt.  Please post that log here in reply.
  • You may need to use two posts to get it all on the forum



NEXT


Please update your ESET antivirus and run a scan...post the results

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#115 Joecastle

    Authentic Member

  • 215 posts

Posted 03 November 2009 - 06:46 PM

Cat,
My computer seems to be running just fine.. There is no redirecting of any sort... TFC ran just fine and I had to reboot it myself.. Here is OTL.. If you feel all is well, then, I guess it will be time to start backing up files to load my Win7.. I am just afraid that backing up any files that might have an infection and later installing them in Win7 will do more harm than good.. Eset updates itself every time I start up my PC...

OTL logfile created on: 11/3/2009 7:34:41 PM - Run 3
OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Viper1\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 65.98 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 335.25 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSE-7166B2798B
Current User Name: Viper1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Modules (SafeList) ==========

MOD - C:\Users\Viper1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
SRV - (HP Port Resolver) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (HP Status Server) -- C:\Windows\System32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/12 12:07:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 16:57:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/31 09:27:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/07/13 18:20:09 | 00,000,000 | ---D | M]

[2009/07/12 12:17:54 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions
[2008/07/23 11:31:08 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/02 20:55:02 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions
[2009/07/13 17:21:25 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 17:14:30 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/09/15 15:33:41 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/09/15 15:14:05 | 00,000,000 | ---D | M] -- C:\Users\Viper1\AppData\Roaming\Mozilla\Firefox\Profiles\4vcqsnl6.default\extensions\nasanightlaunch@example.com
[2009/11/02 20:55:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 09:27:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/07/12 12:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/12 12:07:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/31 09:27:32 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 09:27:32 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/31 09:27:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/02 20:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/12 19:25:20 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/12 19:25:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/05 19:04:15 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/05 19:04:15 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/05 19:04:15 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/05 19:04:15 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/05 19:04:15 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 19:04:15 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/05 19:04:15 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1214964226984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Custom Scans ==========


< %SYSTEMDRIVE%\dump_iaStorV.sys /s /md5 >

< %TEMP%\*.* >
[2009/11/03 19:22:28 | 00,000,950 | ---- | M] () -- C:\Users\Viper1\AppData\Local\Temp\AdobeARM.log
[2009/11/03 19:19:03 | 00,000,000 | ---- | M] () -- C:\Users\Viper1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
[2009/11/03 19:22:28 | 00,000,273 | ---- | M] () -- C:\Users\Viper1\AppData\Local\Temp\libFNP_events.log
[2009/11/03 19:22:29 | 00,031,832 | ---- | M] () -- C:\Users\Viper1\AppData\Local\Temp\Viper1.bmp
[2009/11/03 19:33:00 | 00,001,020 | ---- | M] () -- C:\Users\Viper1\AppData\Local\Temp\~ROMFN_00000C30
[1 C:\Users\Viper1\AppData\Local\Temp\*.tmp files -> C:\Users\Viper1\AppData\Local\Temp\*.tmp -> ]
< End of report >



#116 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 03 November 2009 - 07:38 PM

Hi,

Well, nothing there either. I think at this point you are safe to back up your important documents, pictures, music, etc. As appleoddity advised, you will have to do a clean install if you are changing from a 32-bit to a 64-bit OS, and all of the third-party programs will need to be reinstalled. If you need specific assistance, post back in your thread in the Windows forum and appleoddity will be able to assist you.

Good luck.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#117 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 03 November 2009 - 07:43 PM

Thank You Very Much Cat for your Help!! \JoeCaste

#118 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 03 November 2009 - 07:45 PM

You are welcome. Good luck with the Win7 transition.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#119 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 07 November 2009 - 05:03 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
