bankerfoxa removal

**ganjiry** · **ganjiry** on 10th May 2010, 9:07 am

can someone help plz. as of yesterday my partners comp started gettin the popups 4 false spyware remover.... bankerfox is on this comp. ive tried using spyware terminater, and a couple of other progs. i am now stumped. op system is win 7 pro.....PLZ HELP. i hav also tried to download hijack this but as soon as i try 2 install it it just stops. task manager also stops as soon as i start it. I hav a healthy laptop aswell. i hav tried downloading mcaffee stinger on my healthy pc and transfering it on a flash drive to this infected laptop but it wont let me install anythin

**Dr Jay** · **Dr Jay** on 10th May 2010, 5:36 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:

Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

Reply to this topic with the word BUMP, or
see this topic.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

**ganjiry** · **ganjiry** on 10th May 2010, 8:49 pm

Thanx 4 takin time 2 reply. i think i hav got rid of most of the prob as the false alerts hav now stopped after updatin and runnin stopzilla... but here is the log file from combofix........ ComboFix 10-05-10.02 - Parent 10/05/2010 21:09:48.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.953.241 [GMT 1:00]
Running from: c:\users\Parent\Downloads\ComboFix.exe
SP: Spyware Terminator *disabled* (Outdated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Parent\AppData\Local\cxvwpyhdk
c:\users\Parent\AppData\Local\cxvwpyhdk\qkdtufotssd.exe
c:\windows\system32\Temp

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 20:19 . 2010-05-10 20:20 -------- d-----w- c:\users\Parent\AppData\Local\temp
2010-05-10 20:19 . 2010-05-10 20:19 -------- d-----w- c:\users\Learner\AppData\Local\temp
2010-05-10 20:19 . 2010-05-10 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-10 20:06 . 2010-05-10 20:06 -------- d-----w- C:\32788R22FWJFW
2010-05-10 20:04 . 2010-05-10 20:04 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-05-10 08:33 . 2010-05-10 08:33 -------- d-----w- c:\users\Parent\AppData\Local\Downloaded Installations
2010-05-09 22:24 . 2010-05-09 22:24 -------- d-----w- c:\program files\Crawler
2010-05-09 22:23 . 2010-05-09 22:23 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-09 22:23 . 2010-05-09 22:23 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-09 22:23 . 2010-05-09 22:23 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-09 22:23 . 2010-05-10 20:01 -------- d-----w- c:\users\Parent\AppData\Roaming\Spyware Terminator
2010-05-09 22:23 . 2010-05-10 20:01 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-09 22:23 . 2010-05-10 17:03 -------- d-----w- c:\program files\Spyware Terminator
2010-05-09 21:47 . 2010-05-09 21:47 270080 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3FCBDA7F-983F-3697-E169-609C7AC3DB0B}-qkdtufotssd.exe
2010-05-09 21:16 . 2010-05-10 14:35 -------- d-----w- c:\programdata\SITEguard
2010-05-09 21:16 . 2010-05-09 21:16 -------- d-----w- c:\program files\STOPzilla!
2010-05-09 21:16 . 2010-05-09 21:16 -------- d-----w- c:\program files\Common Files\iS3
2010-05-09 21:16 . 2010-05-10 20:20 -------- d-----w- c:\programdata\STOPzilla!
2010-05-09 17:46 . 2010-05-09 17:46 -------- d-----w- c:\program files\Ask.com
2010-05-09 17:46 . 2010-05-09 17:46 -------- d-----w- c:\program files\uTorrent
2010-05-09 17:46 . 2010-05-09 19:28 -------- d-----w- c:\users\Parent\AppData\Roaming\uTorrent
2010-05-09 17:06 . 2010-05-09 17:06 -------- d-----w- c:\users\Parent\AppData\Roaming\Arkadium
2010-05-07 23:48 . 2010-05-08 02:43 -------- d-----w- c:\users\Parent\AppData\Roaming\Righteous Kill
2010-05-05 16:05 . 2002-12-27 19:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2010-05-05 16:05 . 2010-05-05 16:27 -------- d-----w- c:\program files\TTMessenger
2010-05-04 16:22 . 2010-05-04 16:24 -------- d-----w- c:\users\Learner\AppData\Local\Temporary Projects
2010-05-04 16:17 . 2010-05-04 16:18 -------- d-----w- c:\users\Learner\AppData\Local\Adobe
2010-05-04 15:49 . 2010-05-04 15:49 -------- d-----w- c:\users\Learner\AppData\Roaming\Texthelp Systems
2010-05-02 17:14 . 2010-05-02 17:14 -------- d-----w- c:\programdata\Trymedia
2010-05-02 13:33 . 2010-05-02 13:33 -------- d-----w- c:\programdata\Dekovir
2010-04-29 18:21 . 2010-04-29 18:21 -------- d-----w- c:\users\Parent\AppData\Roaming\Exent Technologies
2010-04-29 15:52 . 2010-04-29 15:52 -------- d-----w- c:\users\Learner\AppData\Roaming\Exent Technologies
2010-04-29 15:48 . 2010-04-29 15:48 64 ----a-w- c:\windows\GPlrLanc.dat
2010-04-29 15:48 . 2001-09-05 04:23 56320 ----a-w- c:\programdata\Free Ride Games\Setup.exe
2010-04-29 15:48 . 2010-05-07 23:22 -------- d-----w- C:\Remote Programs
2010-04-29 15:47 . 2010-04-29 15:48 -------- d-----w- c:\programdata\Free Ride Games
2010-04-29 15:47 . 2010-04-11 20:15 53314 ------w- c:\windows\ExentInfo.exe
2010-04-29 15:46 . 2010-04-29 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-29 15:13 . 2010-04-29 15:13 -------- d-----w- c:\users\Learner\AppData\Roaming\Sahmon Games
2010-04-28 21:01 . 2010-04-28 21:01 -------- d-----w- c:\users\Parent\AppData\Roaming\Sahmon Games
2010-04-28 20:22 . 2010-04-28 20:54 -------- d-----w- c:\program files\PuzzleInlay_at
2010-04-28 07:41 . 2010-04-28 07:41 -------- d-----w- c:\windows\system32\x64
2010-04-28 07:39 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 07:21 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 07:21 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 07:21 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 00:01 . 2010-04-28 07:21 -------- d-----w- c:\users\Learner\AppData\Local\Google
2010-04-27 20:27 . 2010-04-27 20:27 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2010-04-27 20:27 . 2010-04-27 20:27 -------- d-----w- c:\users\Parent\AppData\Local\Google
2010-04-27 20:27 . 2010-04-27 20:27 -------- d-----w- c:\program files\Google
2010-04-27 20:26 . 2010-04-27 20:26 -------- d-----w- c:\users\Parent\AppData\Roaming\GameHouse
2010-04-27 09:31 . 2010-04-27 09:31 -------- d-----w- c:\programdata\PopCap Games
2010-04-26 23:27 . 2010-04-26 23:27 -------- d-----w- c:\users\Learner\AppData\Local\Microsoft Help
2010-04-26 23:26 . 2010-04-26 23:26 -------- d-----w- c:\users\Learner\AppData\Local\assembly
2010-04-26 23:09 . 2010-04-26 23:09 -------- d-----w- c:\programdata\IObit
2010-04-26 16:31 . 2010-04-26 16:31 -------- d-----w- c:\windows\Sun
2010-04-26 16:31 . 2010-04-26 16:31 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 16:30 . 2010-04-26 16:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-26 16:30 . 2010-04-26 16:30 -------- d-----w- c:\program files\Java
2010-04-25 12:37 . 2010-04-25 12:37 -------- d-----w- c:\programdata\SpinTop Games
2010-04-25 12:36 . 2010-04-25 12:36 -------- d-----w- c:\users\Parent\AppData\Roaming\SpinTop
2010-04-25 10:15 . 2010-04-25 10:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-24 20:03 . 2010-05-09 20:55 -------- d-----w- c:\users\Parent\AppData\Roaming\IObit
2010-04-24 20:03 . 2010-04-24 20:03 -------- d-----w- c:\program files\IObit
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\users\Parent\AppData\Local\BuildAGadget Content
2010-04-24 19:36 . 2010-04-24 19:36 -------- d-----w- c:\users\Parent\AppData\Local\Mozilla
2010-04-24 18:31 . 2010-04-24 18:31 0 ----a-w- c:\windows\nsreg.dat
2010-04-24 18:31 . 2010-04-24 18:31 -------- d-----w- c:\users\Learner\AppData\Local\Mozilla
2010-04-24 18:04 . 2010-04-24 18:04 -------- d-----w- c:\users\Learner\AppData\Local\BuildAGadget Content
2010-04-24 17:26 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-24 17:26 . 2010-04-24 17:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-04-24 16:19 . 2010-04-24 16:19 -------- d-----w- c:\programdata\Kristanix Games
2010-04-24 14:50 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-04-24 14:50 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-24 14:50 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-04-24 14:50 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-24 14:50 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-24 14:50 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-24 14:50 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-24 14:50 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-04-24 14:50 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-24 14:50 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-24 14:50 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-24 14:50 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-24 14:50 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-23 14:48 . 2010-05-09 19:19 -------- d-----w- c:\users\Learner\Tracing
2010-04-23 14:38 . 2010-04-23 14:38 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-04-23 14:37 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-04-23 13:51 . 2010-04-23 13:51 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-23 13:50 . 2010-04-23 13:50 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 13:21 . 2010-05-01 14:37 -------- d-----w- c:\program files\MyRealGames.com
2010-04-23 13:02 . 2010-04-23 13:02 -------- d-----w- c:\users\Public\OEM
2010-04-23 12:41 . 2010-04-23 12:41 -------- d-----w- c:\users\Parent\AppData\Roaming\Texthelp Systems
2010-04-23 12:32 . 2010-04-23 12:34 -------- d-----w- c:\users\Parent\AppData\Local\Paint.NET
2010-04-23 12:26 . 2010-05-10 19:00 -------- d-----w- c:\users\Parent\Tracing
2010-04-23 12:24 . 2010-04-23 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-23 12:24 . 2010-05-09 17:44 -------- d-----w- c:\users\Parent\AppData\Local\Adobe
2010-04-23 12:20 . 2009-11-17 09:55 1139200 ----a-w- c:\windows\system32\NIHLSPH.dll
2010-04-23 12:20 . 2008-12-08 20:01 69632 ----a-w- c:\windows\system32\nihlsp.dll
2010-04-23 11:42 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-23 11:42 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-23 11:40 . 2010-04-23 11:40 -------- d-----w- C:\Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 20:09 . 2010-05-10 16:41 3824 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-10 20:03 . 2009-12-05 03:33 -------- d-----w- c:\program files\Netintelligence Home
2010-05-06 09:36 . 2009-12-05 03:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 15:47 . 2009-12-05 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 18:21 . 2009-12-05 03:33 -------- d-----w- c:\programdata\Microsoft Help
2010-04-24 17:30 . 2009-12-05 03:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-23 14:48 . 2009-12-05 04:20 64336 ----a-w- c:\users\Learner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 14:38 . 2009-12-05 03:14 -------- d-----w- c:\program files\Microsoft
2010-04-23 14:37 . 2009-12-05 03:14 -------- d-----w- c:\program files\Windows Live
2010-04-23 12:33 . 2009-12-05 03:38 -------- d-----w- c:\program files\Paint.NET
2010-04-23 12:21 . 2009-12-05 03:32 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-23 11:43 . 2009-12-05 04:23 64336 ----a-w- c:\users\Parent\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 21:33 . 2010-04-24 14:49 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 17:16 . 2010-03-05 17:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-03-05 17:14 . 2010-03-05 17:14 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-03-05 17:13 . 2010-03-05 17:13 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-02-27 07:32 . 2010-04-24 14:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-24 14:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-24 14:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 14:06 . 2010-02-24 14:06 173328 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2010-02-23 07:56 . 2010-04-24 14:51 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-27 20:27 . 2010-04-27 20:27 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D2C5924-573B-44A7-4E8F-39BC043F3EBC}]
2009-07-14 01:15 180224 ----a-w- c:\windows\System32\EELSCore.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-09 3037696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-09-24 825864]
"NIHomeAM"="c:\program files\Netintelligence Home\LiteClientAM.exe" [2009-10-28 1196544]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"PLD_FrameworkRun"="c:\windows\system32\oem\_NowIntoDT.vbs" [2009-10-11 490]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-09 2176512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PLD_FrameworkRunOnce"="c:\windows\System32\oem\_waitAndLaunch_PLD_Framework_NoWait.vbs" [2009-09-01 522]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-04-27 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-02-24 173328]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-05-09 142592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NILiteClient;Netintelligence Home Edition Client;c:\program files\Netintelligence Home\LiteClient.exe [2009-10-05 2359296]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 ServiceMonitor;Service Monitor;c:\windows\system32\srvmon.exe [2009-08-25 712704]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]

.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-24 13:11]

2010-05-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-24 13:54]

2010-05-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-24 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.nextgenerationlearning.org.uk/ourhomeaccess
uInternet Settings,ProxyOverride =
IE: Crawler Search - tbr:iemenu
LSP: c:\windows\system32\NIHLSP.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-adwfrkoq - c:\users\Parent\AppData\Local\cxvwpyhdk\qkdtufotssd.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-10 21:25:02
ComboFix-quarantined-files.txt 2010-05-10 20:25

Pre-Run: 106,090,360,832 bytes free
Post-Run: 106,227,490,816 bytes free

- - End Of File - - 365D2BA80410593BC54224AAB05D4FD1

**Dr Jay** · **Dr Jay** on 11th May 2010, 1:49 am

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS to start the program (if you are running on Vista then right-click the program and
choose Run as Administrator).
At the top, tick on Scan All Users section and Include MD5.
At File Age set it to 90 Days
In the Processes, Modules, Services, Drivers, and Registry
section, please set on Safe List.
In the Files Created Within and Files Modified Within section, set it to File Age
At the bottom, tick on all Safe List and Use Company Name WhiteList option
Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
Do NOT change any other settings.
Then, in the Custom Scans box, place this in:

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\System32\*.sys
%systemroot%\System32\drivers\*.dll
%systemroot%\System32\drivers\*.ini
%systemroot%\System32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

**ganjiry** · **ganjiry** on 11th May 2010, 9:19 am

thank very much 4 all ur help. everything seems fine now. i have a question tho. as i used my flash drive to trans some stuff from my ok pc to the ill one. is it safe to use it again or would it cause the pc's 2 get infected again?

**ganjiry** · **ganjiry** on 11th May 2010, 11:36 am

i am also puttin a report from my heaalthy laptop just 4 u to run over if u dont mind. i dont mean 2 waist ur time but i just want 2 check its fine as its slowed a bit and was on a network with the other 1. sorry again if waistin ur time and thank u again 4 all ur help OTL logfile created on: 10/05/2010 19:37:04 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\ryan\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 178.17 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN-PC
Current User Name: ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/10 19:36:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\ryan\Downloads\OTL.exe
PRC - [2010/04/20 12:59:42 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\TTMessenger\ttmessenger2.exe
PRC - [2010/04/16 21:55:04 | 002,176,512 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010/04/16 21:55:04 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
PRC - [2010/04/14 17:51:18 | 001,648,480 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
PRC - [2010/04/08 19:58:21 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/02 23:00:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/20 13:46:00 | 000,177,600 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2010/03/18 16:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccsvchst.exe
PRC - [2009/08/22 07:20:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/21 01:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009/08/21 01:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files (x86)\Kontiki\KService.exe
PRC - [2008/12/10 20:21:04 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2008/12/10 20:20:34 | 002,913,792 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2008/12/08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (SafeList) ==========

MOD - [2010/05/10 19:36:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\ryan\Downloads\OTL.exe
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/05 22:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 02:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 02:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 02:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 02:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 02:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 02:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 02:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 02:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 02:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 02:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 02:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 02:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/05/09 01:28:28 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/16 21:55:04 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/04/14 17:51:18 | 001,648,480 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2010/04/08 19:58:21 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 16:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
SRV - [2010/02/10 18:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/05 03:17:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/21 01:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files (x86)\Kontiki\KService.exe -- (KService)
SRV - [2008/12/08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/26 22:15:00 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/17 19:26:51 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/27 03:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/27 03:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/27 03:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/26 00:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/12/22 17:05:40 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/12/11 11:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/26 07:41:48 | 000,221,232 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/11/22 01:43:47 | 000,451,120 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2009/10/15 04:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/26 07:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/15 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/11 13:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 13:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 13:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 13:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/11 21:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 02:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 02:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 02:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 02:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 02:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 01:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 01:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 01:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 01:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 01:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 01:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/14 01:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 01:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 01:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 01:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/14 01:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 01:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 01:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 01:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 01:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 01:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 00:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 00:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 00:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 00:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 00:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 00:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 00:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/05 01:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/03 16:46:14 | 000,077,952 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV:64bit: - [2009/02/03 16:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV:64bit: - [2008/07/04 15:33:32 | 000,115,072 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/06/14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2010/04/29 18:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/03/16 02:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100510.002\EX64.SYS -- (NAVEX15)
DRV - [2010/03/16 02:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100510.002\ENG64.SYS -- (NAVENG)
DRV - [2010/01/17 03:44:12 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/15 17:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2010/01/15 17:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/12/22 03:45:50 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/11/17 01:51:14 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 02:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 22:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 22:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2005/01/03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27361209q4c6l0320z145f4891u26n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files (x86)\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

**ganjiry** · **ganjiry** on 11th May 2010, 11:43 am

the other half of the report.... ========== FireFox ==========

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {94000a61-af9a-4247-8db6-a949fadb0354}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.1.6
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.2.26.03.10
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files (x86)\Stopzilla!\Toolbar\Extension [2009/12/22 17:21:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/27 09:00:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/17 22:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/29 11:04:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/29 11:04:10 | 000,000,000 | ---D | M]

[2010/03/04 15:11:30 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Mozilla\Extensions
[2010/05/10 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions
[2010/04/04 12:51:14 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/04/04 13:06:10 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010/03/27 23:09:35 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/03/14 20:41:18 | 000,000,000 | ---D | M] (Evony Toolbar) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{94000a61-af9a-4247-8db6-a949fadb0354}
[2010/03/04 15:30:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/05 17:23:49 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/04/04 12:59:24 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/04/13 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\personas@christopher.beard
[2010/04/16 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\zigboom@hotmail.com
[2010/04/26 23:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/04/26 23:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/04/25 23:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/03/27 23:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ya1uqscn.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/04/17 09:33:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/17 09:33:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 09:32:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/08 00:38:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/12/22 17:22:06 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files (x86)\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files (x86)\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFDE.EXE File not found
O4 - HKCU..\Run: [GameTracker] C:\Program Files (x86)\GameTracker\GTLite.exe (ClanServers Hosting LLC)
O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://launcher.station.sony.com/weblauncher/plugin/1.0.3.93/SOEWebInstaller.cab (SonyOnlineInstallerX)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267443665975 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/gom/receiver/tc/FMSI.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32f7e015-ef4c-11de-9a5c-0026c6258be0}\Shell - "" = AutoRun
O33 - MountPoints2\{32f7e015-ef4c-11de-9a5c-0026c6258be0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{32f7e018-ef4c-11de-9a5c-0026c6258be0}\Shell - "" = AutoRun
O33 - MountPoints2\{32f7e018-ef4c-11de-9a5c-0026c6258be0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d1c738af-ef2b-11de-afc9-0026c6258be0}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c738af-ef2b-11de-afc9-0026c6258be0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d1c738de-ef2b-11de-afc9-0026c6258be0}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c738de-ef2b-11de-afc9-0026c6258be0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/09 20:19:35 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Blizzard Entertainment
[2010/05/09 20:14:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/05/08 22:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameTracker
[2010/05/08 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\GameTracker
[2010/05/08 18:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2010/05/07 17:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\America's Army Server Manager
[2010/05/07 17:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\America's Army
[2010/05/06 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\ryan\Documents\AA283FullInstall_Generic
[2010/05/06 19:17:36 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\DFH
[2010/05/06 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2010/05/06 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2010/05/06 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2010/05/06 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2010/05/06 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\ryan\Documents\thq_fsw_free
[2010/05/06 16:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2010/05/02 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\ryan\Documents\TTMessenger2
[2010/05/02 19:09:50 | 000,390,656 | ---- | C] (Tracker Software Products) -- C:\Windows\SysWow64\pdfxclib.dll
[2010/05/02 19:09:50 | 000,185,344 | ---- | C] (Tracker Software Products) -- C:\Windows\SysWow64\Img_cdx.dll
[2010/05/02 19:09:50 | 000,157,184 | ---- | C] (Tracker Software Products) -- C:\Windows\SysWow64\img_xchg.dll
[2010/05/02 19:09:50 | 000,144,896 | ---- | C] (Tracker Software Products) -- C:\Windows\SysWow64\xc_parse.dll
[2010/05/02 19:09:50 | 000,118,872 | ---- | C] (Tracker Software) -- C:\Windows\SysWow64\PXC25uis.dll
[2010/05/02 19:09:50 | 000,109,568 | ---- | C] (Tracker Software Products) -- C:\Windows\SysWow64\pdfxcpro.dll
[2010/05/02 19:09:50 | 000,045,142 | ---- | C] (Tracker Software) -- C:\Windows\SysWow64\PXC25s.dll
[2010/05/02 19:09:50 | 000,020,569 | ---- | C] (Tracker Software) -- C:\Windows\SysWow64\PXC25pm.dll
[2010/05/02 19:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TTMessenger
[2010/05/02 19:03:02 | 000,000,000 | ---D | C] -- C:\logs
[2010/05/02 19:03:01 | 000,000,000 | ---D | C] -- C:\Users\ryan\ChikkaDefault
[2010/05/02 19:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chikka Messenger
[2010/05/02 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMS Free Sender
[2010/04/29 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Apple Computer
[2010/04/29 11:14:18 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Apple Computer
[2010/04/29 11:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/29 11:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/29 11:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/04/29 11:02:26 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Apple
[2010/04/29 11:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/29 11:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/28 14:06:14 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/04/28 08:22:51 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/04/28 08:22:49 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 08:22:49 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/27 18:39:05 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/04/27 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\ryan\Documents\Ubisoft
[2010/04/26 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/26 09:19:30 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\SystemRequirementsLab
[2010/04/24 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\BuildAGadget Content
[2010/04/22 18:07:00 | 000,000,000 | ---D | C] -- C:\Users\ryan\Documents\Remote Assistance Logs
[2010/04/22 09:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2010/04/17 09:33:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/17 09:33:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/17 09:33:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/17 09:33:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/17 09:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/04/16 13:17:19 | 000,000,000 | ---D | C] -- C:\ijji
[2010/04/15 23:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010/04/15 22:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/04/15 22:02:52 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/04/14 11:29:56 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 11:29:55 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/14 11:29:55 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/14 11:27:43 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 11:27:43 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 11:26:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 11:26:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/14 11:21:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 11:21:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/12 13:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 19:39:44 | 003,670,016 | -HS- | M] () -- C:\Users\ryan\ntuser.dat
[2010/05/10 19:09:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/10 16:06:00 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2010/05/10 13:12:24 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 13:12:24 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 13:06:11 | 000,000,496 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/05/10 13:05:08 | 000,000,632 | RHS- | M] () -- C:\Users\ryan\ntuser.pol
[2010/05/10 13:05:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/10 13:05:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/05/10 13:05:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/10 13:04:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/10 13:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 13:04:13 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/10 13:03:03 | 002,627,648 | -H-- | M] () -- C:\Users\ryan\AppData\Local\IconCache.db
[2010/05/10 11:05:46 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/10 11:05:46 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/10 11:05:46 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/09 17:34:19 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/05/09 17:34:19 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/05/08 22:46:41 | 000,001,028 | ---- | M] () -- C:\Users\ryan\Desktop\GameTracker Lite.lnk
[2010/05/08 18:24:51 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2010/05/08 18:24:13 | 000,000,336 | ---- | M] () -- C:\Windows\game.ini
[2010/05/07 17:33:40 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\SF A-Team Videos.lnk
[2010/05/07 17:33:39 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\America's Army.lnk
[2010/05/07 17:33:39 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\America's Army Mission Editor.lnk
[2010/05/06 19:36:55 | 000,002,601 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/05/06 19:17:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2010/05/06 19:17:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2010/05/02 19:09:50 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\TTMessenger 4.lnk
[2010/04/29 11:03:51 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/27 18:39:05 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/04/27 15:37:29 | 000,002,438 | ---- | M] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2010/04/26 22:15:00 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/04/25 23:34:14 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/22 11:29:23 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/17 09:32:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/17 09:32:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/17 09:32:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/17 09:32:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/12 18:15:49 | 000,000,000 | -H-- | M] () -- C:\Users\ryan\Documents\Default.rdp
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/10 13:06:09 | 000,000,496 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/05/08 22:46:41 | 000,001,028 | ---- | C] () -- C:\Users\ryan\Desktop\GameTracker Lite.lnk
[2010/05/08 18:24:51 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk
[2010/05/08 18:24:13 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2010/05/07 17:33:40 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\SF A-Team Videos.lnk
[2010/05/07 17:33:39 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\America's Army.lnk
[2010/05/07 17:33:39 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\America's Army Mission Editor.lnk
[2010/05/06 19:17:27 | 000,002,601 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2010/05/06 19:17:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2010/05/06 19:17:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2010/05/05 23:44:54 | 000,000,000 | ---- | C] () -- C:\Users\ryan\Sti_Trace.log
[2010/05/04 19:26:05 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/02 19:09:50 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\pdfxcds.dll
[2010/05/02 19:09:50 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\TTMessenger 4.lnk
[2010/04/29 11:03:50 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/27 15:37:28 | 000,002,438 | ---- | C] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2010/04/25 23:34:14 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/12 18:15:49 | 000,000,000 | -H-- | C] () -- C:\Users\ryan\Documents\Default.rdp
[2010/03/28 18:54:11 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/03/27 16:59:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/23 01:09:14 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010/02/16 00:03:51 | 000,000,466 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/08 20:07:41 | 000,000,982 | ---- | C] () -- C:\Windows\SOFPLAT.ini
[2009/12/29 15:28:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 21:18:40 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009/12/24 21:18:40 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/05 10:45:39 | 000,001,590 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/05 03:23:44 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/16 07:27:29 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/16 07:27:29 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/16 07:27:26 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/16 07:27:26 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/16 07:27:26 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:26205E86
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1E3397DC
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F84F494D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:C46995DA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9C5E2795
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1D32EC29
< End of report >

**Dr Jay** · **Dr Jay** on 11th May 2010, 5:59 pm

I needed you to do OTS, not OTL.

Please re-read my last post, and take action accordingly.

**ganjiry** · **ganjiry** on 11th May 2010, 10:54 pm

sorry posted wrong rep......................first part.......................[code]
OTS logfile created on: 11/05/2010 08:36:18 - Run 1
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Parent\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

953.00 Mb Total Physical Memory | 164.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 99.59 Gb Free Space | 72.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELISE
Current User Name: Parent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Parent\Downloads\OTS.exe -> [2010/05/11 08:30:56 | 000,640,000 | ---- | M] (OldTimer Tools)
spywareterminatorupdate.exe -> C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe -> [2010/05/09 23:23:54 | 003,037,696 | ---- | M] (Crawler.com)
sp_rsser.exe -> C:\Program Files\Spyware Terminator\sp_rsser.exe -> [2010/05/09 23:23:52 | 000,488,960 | ---- | M] (Crawler.com)
spywareterminatorshield.exe -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe -> [2010/05/09 23:23:50 | 002,176,512 | ---- | M] (Crawler.com)
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/05/07 20:33:06 | 000,177,600 | R--- | M] (iS3, Inc.)
ctoolbar.exe -> C:\Program Files\Crawler\Toolbar\CToolbar.exe -> [2010/04/30 05:47:48 | 002,374,096 | ---- | M] (Crawler.com)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
awc.exe -> C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe -> [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit)
szserver.exe -> C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -> [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.)
msmpeng.exe -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
liteclientam.exe -> C:\Program Files\Netintelligence Home\LiteClientAM.exe -> [2009/10/28 01:19:04 | 001,196,544 | ---- | M] (Netintelligence Ltd)
liteclient.exe -> C:\Program Files\Netintelligence Home\LiteClient.exe -> [2009/10/05 23:18:16 | 002,359,296 | ---- | M] (Netintelligence Ltd)
epowertray.exe -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe -> [2009/09/30 23:47:36 | 000,703,008 | ---- | M] (Acer Incorporated)
epowersvc.exe -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/09/30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated)
epowerevent.exe -> C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe -> [2009/09/30 23:46:28 | 000,469,536 | ---- | M] (Acer Incorporated)
lmanager.exe -> C:\Program Files\Launch Manager\LManager.EXE -> [2009/09/24 13:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.)
igfxext.exe -> C:\Windows\System32\igfxext.exe -> [2009/09/02 18:18:22 | 000,166,400 | ---- | M] (Intel Corporation)
greghsrw.exe -> C:\Program Files\Acer\Registration\GregHSRW.exe -> [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
srvmon.exe -> C:\Windows\System32\srvmon.exe -> [2009/08/25 11:45:24 | 000,712,704 | ---- | M] ()
caudiofilteragent.exe -> C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe -> [2009/07/20 07:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation)
updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer)
schedulersvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation)
ammon.exe -> C:\Program Files\Netintelligence Home\AMMon.exe -> [2008/12/04 07:20:46 | 000,657,408 | ---- | M] ()
sqlservr.exe -> C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -> [2008/07/11 02:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/07/10 11:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation)
psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo)

[Modules - Safe List]
ots.exe -> C:\Users\Parent\Downloads\OTS.exe -> [2010/05/11 08:30:56 | 000,640,000 | ---- | M] (OldTimer Tools)
syshook.dll -> C:\Program Files\Acer\Acer ePower Management\SysHook.dll -> [2009/09/30 23:52:10 | 000,215,584 | ---- | M] (Acer Incorporated)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Auto | Running] -> C:\Program Files\Spyware Terminator\sp_rsser.exe -> [2010/05/09 23:23:52 | 000,488,960 | ---- | M] (Crawler.com)
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/04/27 21:27:48 | 000,030,192 | ---- | M] (Google)
(szserver) STOPzilla Service [Auto | Running] -> C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -> [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
(NILiteClient) Netintelligence Home Edition Client [Auto | Running] -> C:\Program Files\Netintelligence Home\LiteClient.exe -> [2009/10/05 23:18:16 | 002,359,296 | ---- | M] (Netintelligence Ltd)
(ePowerSvc) Acer ePower Service [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/09/30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated)
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files\Acer\Registration\GregHSRW.exe -> [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
(ServiceMonitor) Service Monitor [Auto | Running] -> C:\Windows\System32\srvmon.exe -> [2009/08/25 11:45:24 | 000,712,704 | ---- | M] ()
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
(WwanSvc) WWAN AutoConfig [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Windows Biometric Service [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Power) Power [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
(Themes) Themes [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(sppuinotify) SPP Notification Service [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation)
(StorSvc) Storage Service [On_Demand | Stopped] -> C:\Windows\System32\StorSvc.dll -> [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) RPC Endpoint Mapper [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Adaptive Brightness [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation)
(PNRPsvc) Peer Name Resolution Protocol [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Peer Networking Identity Manager [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\System32\provsvc.dll -> [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) PNRP Machine Name Publication Service [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) HomeGroup Listener [On_Demand | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(defragsvc) Disk Defragmenter [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) BitLocker Drive Encryption Service [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AxInstSV) ActiveX Installer (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Application Identity [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(sppsvc) Software Protection [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)
(Updater Service) Updater Service [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer)
(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
(NTIBackupSvc) NTI Backup Now 5 Backup Service [On_Demand | Stopped] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2009/06/18 02:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) [Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -> [2008/07/11 02:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation)
(SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -> [2008/07/11 02:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper100) SQL Active Directory Helper Service [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -> [2008/07/11 02:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/07/10 11:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/07/10 11:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation)
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo)

[Driver Services - Safe List]
(sp_rsdrv2) Spyware Terminator Driver 2 [Kernel | System | Running] -> C:\Windows\System32\drivers\sp_rsdrv2.sys -> [2010/05/09 23:23:50 | 000,142,592 | ---- | M] ()
(szkgfs) szkgfs [Kernel | Boot | Running] -> C:\Windows\system32\drivers\szkgfs.sys -> [2010/02/24 15:06:36 | 000,173,328 | R--- | M] (iS3, Inc.)
(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation)
(szkg5) szkg5 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\szkg.sys -> [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.)
(is3srv) is3srv [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\is3srv.sys -> [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.)
(MpFilter) Microsoft Malware Protection Driver [File_System | System | Running] -> C:\Windows\System32\drivers\MpFilter.sys -> [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation)
(MpNWMon) Microsoft Malware Protection Network Driver [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2009/10/05 02:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2009/09/02 04:48:08 | 005,946,368 | ---- | M] (Intel Corporation)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\DRIVERS\SynTP.sys -> [2009/08/14 15:54:54 | 000,223,792 | ---- | M] (Synaptics Incorporated)
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2009/08/11 05:58:30 | 000,488,448 | ---- | M] (Conexant Systems Inc.)
(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\fssfltr.sys -> [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation)
(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\L1C62x86.sys -> [2009/07/27 08:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.)
(cmdide) cmdide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\cmdide.sys -> [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.)
(adpahci) adpahci [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpahci.sys -> [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.)
(adp94xx) adp94xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adp94xx.sys -> [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.)
(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsbs.sys -> [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.)
(adpu320) adpu320 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpu320.sys -> [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arcsas.sys -> [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.)
(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsata.sys -> [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices)
(arc) arc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arc.sys -> [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.)
(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\amdxata.sys -> [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices)
(aliide) aliide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\aliide.sys -> [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.)
(nvstor) nvstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvstor.sys -> [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation)
(nvraid) nvraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvraid.sys -> [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nfrd960.sys -> [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation)
(LSI_SAS) LSI_SAS [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas.sys -> [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation)
(iaStorV) iaStorV [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iaStorV.sys -> [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation)
(MegaSR) MegaSR [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MegaSR.sys -> [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_scsi.sys -> [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation)
(LSI_FC) LSI_FC [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_fc.sys -> [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation)
(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas2.sys -> [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation)
(iirsp) iirsp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iirsp.sys -> [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH)
(megasas) megasas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\megasas.sys -> [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation)
(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation)
(elxstor) elxstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\elxstor.sys -> [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex)
(aic78xx) aic78xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\djsvs.sys -> [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.)
(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HpSAMD.sys -> [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company)
(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)
(vsmraid) vsmraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vsmraid.sys -> [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd)
(vmbus) Virtual Machine Bus [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vmbus.sys -> [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation)
(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vhdmp.sys -> [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation)
(storflt) Disk Virtual Machine Bus Acceleration Filter Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vmstorfl.sys -> [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation)
(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vdrvroot.sys -> [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)
(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\storvsc.sys -> [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\viaide.sys -> [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.)
(ql2300) ql2300 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql2300.sys -> [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation)
(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation)
(ql40xx) ql40xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql40xx.sys -> [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation)
(SiSRaid4) SiSRaid4 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\sisraid4.sys -> [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems)
(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)
(SiSRaid2) SiSRaid2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\SiSRaid2.sys -> [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.)
(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\stexstor.sys -> [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology)
(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\Brserid.sys -> [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.)
(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\DRIVERS\rdpbus.sys -> [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)
(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)
(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)
(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)
(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vwififlt.sys -> [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)
(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)
(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\1394ohci.sys -> [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation)
(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)
(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)
(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\DRIVERS\CompositeBus.sys -> [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation)
(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\appid.sys -> [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation)
(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation)
(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vms3cap.sys -> [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation)
(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\VMBusHID.sys -> [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation)
(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)
(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HidBatt.sys -> [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation)
(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\acpipmi.sys -> [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation)
(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)
(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\hcw85cir.sys -> [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbMdm.sys -> [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbSer.sys -> [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrSerWdm.sys -> [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltLo.sys -> [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltUp.sys -> [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation)
(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\evbdx.sys -> [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation)
(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\bxvbdx.sys -> [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation)
(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\RtsUStor.sys -> [2009/06/24 03:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\iaStor.sys -> [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation)
(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NTIDrvr.sys -> [2009/05/05 09:46:08 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.)
(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2009/05/05 09:46:08 | 000,014,336 | ---- | M] (NewTech Infosystems Corporation)
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\DRIVERS\DKbFltr.sys -> [2009/03/26 04:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.)
(RsFx0102) RsFx0102 Driver [File_System | Disabled | Stopped] -> C:\Windows\System32\drivers\RsFx0102.sys -> [2008/07/10 11:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation)
(regi) regi [Kernel | Auto | Running] -> C:\Windows\System32\drivers\regi.sys -> [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo)
(int15.sys) int15.sys [Kernel | On_Demand | Stopped] -> C:\Windows\System32\OEM\factory\int15.sys -> [2003/10/01 15:29:50 | 000,069,632 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.nextgenerationlearning.org.uk/ourhomeaccess ->
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> ->
< FireFox Settings [Prefs.js] > -> C:\Users\Parent\AppData\Roaming\Mozilla\FireFox\Profiles\pkaa45zg.default\prefs.js ->
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Ask.com" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.selectedEngine -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 ->
extensions.enabledItems -> custombuttons@xsms.org:0.0.4.8 ->
extensions.enabledItems -> {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3 ->
extensions.enabledItems -> pink-bee@loic.com:2.5.7 ->
extensions.enabledItems -> {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 ->
extensions.enabledItems -> glowygreen-ff3-30@glowplug.bitasylum.net:3.6.1 ->
< FireFox Settings [User.js] > -> C:\Users\Parent\AppData\Roaming\Mozilla\FireFox\Profiles\pkaa45zg.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} -> C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX\ [C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX\] -> [2010/05/09 23:24:41 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/28 08:16:41 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/26 17:30:56 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Parent\AppData\Roaming\Mozilla\Extensions -> [2010/04/24 20:36:40 | 000,000,000 | ---D | M]
-> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions -> [2010/05/10 18:00:56 | 000,000,000 | ---D | M]
Aero Fox -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} -> [2010/04/24 20:57:57 | 000,000,000 | ---D | M]
WOT -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/04/29 22:31:43 | 000,000,000 | ---D | M]
-> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\custombuttons@xsms.org -> [2010/05/06 22:56:48 | 000,000,000 | ---D | M]
-> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net -> [2010/05/06 23:02:00 | 000,000,000 | ---D | M]
-> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\pink-bee@loic.com -> [2010/04/24 20:50:42 | 000,000,000 | ---D | M]
No name found -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions -> [2010/04/24 20:57:57 | 000,000,000 | ---D | M]
No name found -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions -> [2010/04/24 20:57:57 | 000,000,000 | ---D | M]
No name found -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions -> [2010/04/24 20:57:57 | 000,000,000 | ---D | M]
No name found -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions -> [2010/04/24 20:57:57 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
askcom.xml -> C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\pkaa45zg.default\searchplugins\askcom.xml -> [2010/05/09 19:06:51 | 000,002,429 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/26 17:31:01 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/05/09 22:17:38 | 000,000,860 | ---- | M] - 23 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{060235DC-6D84-47BD-95D7-A4EF5099A59D} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\texthelpbho.dll [txthlpBHO Class] -> [2005/12/14 20:22:12 | 000,040,960 | ---- | M] ()
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{5D2C5924-573B-44A7-4E8F-39BC043F3EBC} [HKLM] -> C:\Windows\System32\EELSCore.dll [Groove Folder Synchronization] -> [2009/07/14 02:15:14 | 000,180,224 | ---- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 20:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{A17B153F-2267-4161-A165-73DCD6C31BEF} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\ba3bho.dll [ba3HelperObj Class] -> [2005/05/18 23:13:14 | 000,040,960 | ---- | M] ()
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{E3215F20-3212-11D6-9F8B-00D0B743919D} [HKLM] -> C:\Program Files\STOPzilla!\SZIEBHO.dll [STOPzilla Browser Helper Object] -> [2010/05/07 20:33:12 | 000,247,232 | R--- | M] (iS3, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/09/30 23:47:36 | 000,703,008 | ---- | M] (Acer Incorporated)
"cAudioFilterAgent" -> C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe] -> [2009/07/20 07:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.)
"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"LManager" -> C:\Program Files\Launch Manager\LManager.EXE [C:\Program Files\Launch Manager\LManager.exe] -> [2009/09/24 13:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.)
"NIHomeAM" -> C:\Program Files\Netintelligence Home\LiteClientAM.exe ["C:\Program Files\Netintelligence Home\LiteClientAM.exe"] -> [2009/10/28 01:19:04 | 001,196,544 | ---- | M] (Netintelligence Ltd)
"PLD_FrameworkRun" -> C:\Windows\System32\OEM\_NowIntoDT.vbs [c:\windows\system32\oem\_NowIntoDT.vbs] -> [2009/10/11 17:49:06 | 000,000,490 | ---- | M] ()
"SpywareTerminator" -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe ["C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"] -> [2010/05/09 23:23:50 | 002,176,512 | ---- | M] (Crawler.com)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"PLD_FrameworkRunOnce" -> C:\Windows\System32\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs [c:\Windows\System32\oem\_waitAndLaunch_PLD_Framework_NoWait.vbs] -> [2009/09/01 09:30:36 | 000,000,522 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpywareTerminatorUpdate" -> C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe ["C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"] -> [2010/05/09 23:23:54 | 003,037,696 | ---- | M] (Crawler.com)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Crawler Search -> [tbr:iemenu] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 13:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

**ganjiry** · **ganjiry** on 11th May 2010, 10:55 pm

second part................." -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4810 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx [SpinTop DRM Control] ->
{6A060448-60F9-11D5-A6CD-0002B31F7455} [HKLM] -> [ExentInf Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BE98FA1F-0EF3-46B5-99A3-8100C099DBD0}\\DhcpNameServer -> 192.168.0.1 (Atheros AR5B93 Wireless Network Adapter) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2010/04/27 21:27:49 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> explorer.exe -> [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/14 02:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2009/09/02 04:17:48 | 000,217,088 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/14 02:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 22:42:20 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.l3acm" -> C:\Windows\System32\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009/07/14 02:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\Windows\System32\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M] (Microsoft Corporation)
"MSVideo8" -> C:\Windows\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2009/07/14 02:16:17 | 000,056,832 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2009/07/14 02:15:26 | 000,082,944 | ---- | M] (Radius Inc.)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 15:18:50 | 000,172,880 | ---- | M] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/27 04:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\Windows\System32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/10/29 06:44:46 | 000,210,360 | ---- | M] (Adobe Systems, Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\Windows\System32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/10/29 06:44:46 | 000,210,360 | ---- | M] (Adobe Systems, Inc.)
{3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [oleprn Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 13:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\System32\oleprn.dll [DSPrintQueue Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\System32\oleprn.dll [OleSNMP Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/04/26 17:30:38 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 13:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleCvt Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 12:01:06 | 002,335,648 | ---- | M] (Microsoft Corporation)
{6A060448-60F9-11D5-A6CD-0002B31F7455} [HKLM] -> C:\Windows\Downloaded Program Files\ExentCtl.ocx [ExentInf Class] -> [2010/03/18 13:18:36 | 000,509,304 | ---- | M] (Exent Technologies Ltd.)
{760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\System32\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/07/14 02:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{884e2049-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\System32\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009/07/14 02:14:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
{884e2051-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\System32\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009/09/03 08:04:15 | 001,320,960 | ---- | M] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKCU] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\System32\RegCtrl.dll [Registration Control] -> [2009/07/14 02:16:13 | 000,041,472 | ---- | M] (Microsoft Corporation)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 13:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [prturl Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\System32\msnetobj.dll [RMGetLicense Class] -> [2009/07/14 02:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 11:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 13:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 20:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)
{C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleInstall Class] -> [2009/07/14 02:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 15:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/04 00:22:06 | 000,660,912 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKCU] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKCU] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKCU] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2010/04/26 17:30:34 | 000,108,320 | ---- | M] ()
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\Windows\System32\deploytk.dll [Deployment Toolkit] -> [2010/04/26 17:30:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/27 04:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10c.ocx [Shockwave Flash Object] -> [2009/07/18 04:12:12 | 003,979,680 | R--- | M] (Adobe Systems, Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 00:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 13:23:50 | 000,022,432 | ---- | M] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 14:42:16 | 000,482,656 | ---- | M] ()
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{060235DC-6D84-47BD-95D7-A4EF5099A59D} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\texthelpbho.dll [txthlpBHO Class] -> [2005/12/14 20:22:12 | 000,040,960 | ---- | M] ()
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> C:\Windows\Downloaded Program Files\stg_drm.ocx [SpinTop DRM Control] -> [2008/03/05 07:03:40 | 000,111,952 | ---- | M] (SpinTop Media Inc.)
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
{21FA44EF-376D-4D53-9B0F-8A89D3229068} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
{6A060448-60F9-11D5-A6CD-0002B31F7455} [HKLM] -> C:\Windows\Downloaded Program Files\ExentCtl.ocx [ExentInf Class] -> [2010/03/18 13:18:36 | 000,509,304 | ---- | M] (Exent Technologies Ltd.)
{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 20:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{A17B153F-2267-4161-A165-73DCD6C31BEF} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\ba3bho.dll [ba3HelperObj Class] -> [2005/05/18 23:13:14 | 000,040,960 | ---- | M] ()
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10c.ocx [Shockwave Flash Object] -> [2009/07/18 04:12:12 | 003,979,680 | R--- | M] (Adobe Systems, Inc.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{060235DC-6D84-47BD-95D7-A4EF5099A59D} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\texthelpbho.dll [txthlpBHO Class] -> [2005/12/14 20:22:12 | 000,040,960 | ---- | M] ()
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{21FA44EF-376D-4D53-9B0F-8A89D3229068} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> [2010/04/30 05:47:58 | 001,243,600 | ---- | M] (Crawler.com)
{5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{5D2C5924-573B-44A7-4E8F-39BC043F3EBC} [HKLM] -> C:\Windows\System32\EELSCore.dll [Groove Folder Synchronization] -> [2009/07/14 02:15:14 | 000,180,224 | ---- | M] ()
{6A060448-60F9-11D5-A6CD-0002B31F7455} [HKLM] -> C:\Windows\Downloaded Program Files\ExentCtl.ocx [ExentInf Class] -> [2010/03/18 13:18:36 | 000,509,304 | ---- | M] (Exent Technologies Ltd.)
{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 20:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{8736C681-37A0-40C6-A0F0-4C083409151C} [HKLM] -> C:\Program Files\Crawler\Toolbar\CToolbar.exe [] -> [2010/04/30 05:47:48 | 002,374,096 | ---- | M] (Crawler.com)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A17B153F-2267-4161-A165-73DCD6C31BEF} [HKLM] -> C:\Program Files\Texthelp Systems\Read and Write 9\ba3bho.dll [ba3HelperObj Class] -> [2005/05/18 23:13:14 | 000,040,960 | ---- | M] ()
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [MessengerStatsClient Class] -> [2007/02/22 23:41:12 | 000,304,544 | ---- | M] (Microsoft Corporation)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10c.ocx [Shockwave Flash Object] -> [2009/07/18 04:12:12 | 003,979,680 | R--- | M] (Adobe Systems, Inc.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/02/04 16:50:26 | 001,197,448 | ---- | M] (Ask.com)
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 00:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{E3215F20-3212-11D6-9F8B-00D0B743919D} [HKLM] -> C:\Program Files\STOPzilla!\SZIEBHO.dll [STOPzilla Browser Helper Object] -> [2010/05/07 20:33:12 | 000,247,232 | R--- | M] (iS3, Inc.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
FastUserSwitchingCompatibility -> -> File not found
Ias -> C:\Windows\System32\ias -> [2009/07/14 03:37:08 | 000,000,000 | ---D | M]
Nla -> -> File not found
Ntmssvc -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
SRService -> -> File not found
Wmi -> C:\Windows\System32\wmi.dll -> [2009/07/14 02:11:09 | 000,005,120 | ---- | M] (Microsoft Corporation)
WmdmPmSp -> -> File not found
LogonHours -> -> File not found
PCAudit -> -> File not found
helpsvc -> -> File not found
uploadmgr -> -> File not found
Themes -> C:\Windows\System32\themeservice.dll -> [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
BDESVC -> C:\Windows\System32\bdesvc.dll -> [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
MsMpSvc -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
NTDS -> -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Power -> C:\Windows\System32\umpo.dll -> [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
Primary disk -> Driver Group
RpcEptMapper -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
sacsvr -> Service
SCSI Class -> Driver Group
System Bus Extender -> Driver Group
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
Dhcp -> C:\Windows\System32\dhcpcore.dll -> [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
Messenger -> -> File not found
MsMpSvc -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
NDIS Wrapper -> Driver Group
ndiscap -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
NTDS -> -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Power -> C:\Windows\System32\umpo.dll -> [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
Primary disk -> Driver Group
rdsessmgr -> Service
RpcEptMapper -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
sacsvr -> Service
SCSI Class -> Driver Group
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
WudfUsbccidDriver -> Driver

[Files/Folders - Created Within 30 Days]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/05/10 21:25:14 | 000,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2010/05/10 21:25:09 | 000,000,000 | ---D | C]
temp -> C:\Users\Parent\AppData\Local\temp -> [2010/05/10 21:25:08 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/05/10 21:06:26 | 000,212,480 | ---- | C] (SteelWerX)
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/05/10 21:06:23 | 000,000,000 | ---D | C]
PROCEXP113.SYS -> C:\Windows\System32\drivers\PROCEXP113.SYS -> [2010/05/10 21:04:35 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com)
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/05/10 21:03:11 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/05/10 21:03:11 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/05/10 21:03:11 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/05/10 21:02:55 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/05/10 21:00:00 | 000,000,000 | ---D | C]
Downloaded Installations -> C:\Users\Parent\AppData\Local\Downloaded Installations -> [2010/05/10 09:33:43 | 000,000,000 | ---D | C]
Crawler -> C:\Program Files\Crawler -> [2010/05/09 23:24:01 | 000,000,000 | ---D | C]
Spyware Terminator -> C:\Users\Parent\AppData\Roaming\Spyware Terminator -> [2010/05/09 23:23:45 | 000,000,000 | ---D | C]
Spyware Terminator -> C:\ProgramData\Spyware Terminator -> [2010/05/09 23:23:36 | 000,000,000 | ---D | C]
Spyware Terminator -> C:\Program Files\Spyware Terminator -> [2010/05/09 23:23:28 | 000,000,000 | ---D | C]
SITEguard -> C:\ProgramData\SITEguard -> [2010/05/09 22:16:36 | 000,000,000 | ---D | C]
STOPzilla! -> C:\Program Files\STOPzilla! -> [2010/05/09 22:16:07 | 000,000,000 | ---D | C]
iS3 -> C:\Program Files\Common Files\iS3 -> [2010/05/09 22:16:05 | 000,000,000 | ---D | C]
STOPzilla! -> C:\ProgramData\STOPzilla! -> [2010/05/09 22:16:03 | 000,000,000 | ---D | C]
Ask.com -> C:\Program Files\Ask.com -> [2010/05/09 18:46:38 | 000,000,000 | ---D | C]
uTorrent -> C:\Program Files\uTorrent -> [2010/05/09 18:46:24 | 000,000,000 | ---D | C]
uTorrent -> C:\Users\Parent\AppData\Roaming\uTorrent -> [2010/05/09 18:46:11 | 000,000,000 | ---D | C]
Arkadium -> C:\Users\Parent\AppData\Roaming\Arkadium -> [2010/05/09 18:06:46 | 000,000,000 | ---D | C]
Righteous Kill -> C:\Users\Parent\AppData\Roaming\Righteous Kill -> [2010/05/08 00:48:30 | 000,000,000 | ---D | C]
PXC25pm.dll -> C:\Windows\System32\PXC25pm.dll -> [2010/05/05 17:05:56 | 000,020,569 | ---- | C] (Tracker Software)
TTMessenger -> C:\Program Files\TTMessenger -> [2010/05/05 17:05:50 | 000,000,000 | ---D | C]
Trymedia -> C:\ProgramData\Trymedia -> [2010/05/02 18:14:33 | 000,000,000 | ---D | C]
Dekovir -> C:\ProgramData\Dekovir -> [2010/05/02 14:33:50 | 000,000,000 | ---D | C]
Exent Technologies -> C:\Users\Parent\AppData\Roaming\Exent Technologies -> [2010/04/29 19:21:07 | 000,000,000 | ---D | C]
Remote Programs -> C:\Remote Programs -> [2010/04/29 16:48:02 | 000,000,000 | ---D | C]
Free Ride Games -> C:\ProgramData\Free Ride Games -> [2010/04/29 16:47:58 | 000,000,000 | ---D | C]
ExentInfo.exe -> C:\Windows\ExentInfo.exe -> [2010/04/29 16:47:40 | 000,053,314 | ---- | C] (Exent Technologies Ltd.)
InstallShield -> C:\Program Files\Common Files\InstallShield -> [2010/04/29 16:46:55 | 000,000,000 | ---D | C]
Sahmon Games -> C:\Users\Parent\AppData\Roaming\Sahmon Games -> [2010/04/28 22:01:23 | 000,000,000 | ---D | C]
PuzzleInlay_at -> C:\Program Files\PuzzleInlay_at -> [2010/04/28 21:22:16 | 000,000,000 | ---D | C]
x64 -> C:\Windows\System32\x64 -> [2010/04/28 08:41:13 | 000,000,000 | ---D | C]
lsasrv.dll -> C:\Windows\System32\lsasrv.dll -> [2010/04/28 08:21:35 | 001,037,312 | ---- | C] (Microsoft Corporation)
ksecpkg.sys -> C:\Windows\System32\drivers\ksecpkg.sys -> [2010/04/28 08:21:35 | 000,133,720 | ---- | C] (Microsoft Corporation)
n7-89-o9-3r-4t-r9 -> C:\ProgramData\n7-89-o9-3r-4t-r9 -> [2010/04/27 21:27:54 | 000,000,000 | ---D | C]
My Google Gadgets -> C:\Users\Parent\Documents\My Google Gadgets -> [2010/04/27 21:27:21 | 000,000,000 | ---D | C]
Google -> C:\Users\Parent\AppData\Local\Google -> [2010/04/27 21:27:17 | 000,000,000 | ---D | C]
Google -> C:\Program Files\Google -> [2010/04/27 21:27:10 | 000,000,000 | ---D | C]
GameHouse -> C:\Users\Parent\AppData\Roaming\GameHouse -> [2010/04/27 21:26:38 | 000,000,000 | ---D | C]
PopCap Games -> C:\ProgramData\PopCap Games -> [2010/04/27 10:31:02 | 000,000,000 | ---D | C]
IObit -> C:\ProgramData\IObit -> [2010/04/27 00:09:02 | 000,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2010/04/26 17:31:37 | 000,000,000 | ---D | C]
Sun -> C:\ProgramData\Sun -> [2010/04/26 17:31:27 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Common Files\Java -> [2010/04/26 17:31:21 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Java -> [2010/04/26 17:30:21 | 000,000,000 | ---D | C]
SpinTop Games -> C:\ProgramData\SpinTop Games -> [2010/04/25 13:37:33 | 000,000,000 | ---D | C]
TEMP -> C:\ProgramData\TEMP -> [2010/04/25 13:37:13 | 000,000,000 | ---D | C]
SpinTop -> C:\Users\Parent\AppData\Roaming\SpinTop -> [2010/04/25 13:36:51 | 000,000,000 | ---D | C]
Office Genuine Advantage -> C:\ProgramData\Office Genuine Advantage -> [2010/04/25 11:15:34 | 000,000,000 | ---D | C]
IObit -> C:\Users\Parent\AppData\Roaming\IObit -> [2010/04/24 21:03:12 | 000,000,000 | ---D | C]
IObit -> C:\Program Files\IObit -> [2010/04/24 21:03:10 | 000,000,000 | ---D | C]
BuildAGadget Content -> C:\Users\Parent\AppData\Local\BuildAGadget Content -> [2010/04/24 20:52:23 | 000,000,000 | ---D | C]
Mozilla -> C:\Users\Parent\AppData\Roaming\Mozilla -> [2010/04/24 20:36:29 | 000,000,000 | ---D | C]
Mozilla -> C:\Users\Parent\AppData\Local\Mozilla -> [2010/04/24 20:36:29 | 000,000,000 | ---D | C]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2010/04/24 19:31:41 | 000,000,000 | ---D | C]
browserchoice.exe -> C:\Windows\System32\browserchoice.exe -> [2010/04/24 18:26:59 | 000,293,376 | ---- | C] (Microsoft Corporation)
Kristanix Games -> C:\ProgramData\Kristanix Games -> [2010/04/24 17:19:16 | 000,000,000 | ---D | C]
mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/04/24 15:51:34 | 000,606,208 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/04/24 15:51:33 | 000,381,440 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/04/24 15:51:33 | 000,064,512 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2010/04/24 15:51:25 | 002,614,272 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2010/04/24 15:51:13 | 000,716,800 | ---- | C] (Microsoft Corporation)
t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/04/24 15:51:10 | 000,108,544 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\System32\fontsub.dll -> [2010/04/24 15:51:09 | 000,070,656 | ---- | C] (Microsoft Corporation)
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/04/24 15:50:35 | 001,328,640 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/04/24 15:50:34 | 000,091,648 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/04/24 15:50:34 | 000,084,480 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/04/24 15:50:31 | 003,899,280 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/04/24 15:50:30 | 003,954,568 | ---- | C] (Microsoft Corporation)
CPFilters.dll -> C:\Windows\System32\CPFilters.dll -> [2010/04/24 15:50:24 | 000,641,536 | ---- | C] (Microsoft Corporation)
msdri.dll -> C:\Windows\System32\msdri.dll -> [2010/04/24 15:50:23 | 000,417,792 | ---- | C] (Microsoft Corporation)
MSNP.ax -> C:\Windows\System32\MSNP.ax -> [2010/04/24 15:50:23 | 000,204,288 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\System32\psisdecd.dll -> [2010/04/24 15:50:22 | 000,465,408 | ---- | C] (Microsoft Corporation)
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/04/24 15:49:58 | 000,002,048 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\System32\vbscript.dll -> [2010/04/24 15:49:48 | 000,427,520 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/04/24 15:49:47 | 000,369,152 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/04/24 15:49:47 | 000,365,568 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/04/24 15:49:47 | 000,324,608 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/04/24 15:49:46 | 000,320,512 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/04/24 15:49:46 | 000,280,064 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/04/24 15:49:46 | 000,277,504 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/04/24 15:49:46 | 000,085,504 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/04/24 15:49:46 | 000,085,504 | ---- | C] (Microsoft Corporation)
Microsoft Office Outlook Connector -> C:\Program Files\Microsoft Office Outlook Connector -> [2010/04/23 15:38:00 | 000,000,000 | ---D | C]
fssfltr.sys -> C:\Windows\System32\drivers\fssfltr.sys -> [2010/04/23 15:37:48 | 000,054,632 | ---- | C] (Microsoft Corporation)
MyRealGames.com -> C:\Program Files\MyRealGames.com -> [2010/04/23 14:21:01 | 000,000,000 | ---D | C]
Texthelp Systems -> C:\Users\Parent\AppData\Roaming\Texthelp Systems -> [2010/04/23 13:41:57 | 000,000,000 | ---D | C]
Paint.NET -> C:\Users\Parent\AppData\Local\Paint.NET -> [2010/04/23 13:32:24 | 000,000,000 | ---D | C]
Tracing -> C:\Users\Parent\Tracing -> [2010/04/23 13:26:10 | 000,000,000 | ---D | C]
Adobe -> C:\Program Files\Common Files\Adobe -> [2010/04/23 13:24:31 | 000,000,000 | ---D | C]
Adobe -> C:\Users\Parent\AppData\Local\Adobe -> [2010/04/23 13:24:06 | 000,000,000 | ---D | C]
NIHLSPH.dll -> C:\Windows\System32\NIHLSPH.dll -> [2010/04/23 13:20:01 | 001,139,200 | ---- | C] (Netintelligence Ltd)
nihlsp.dll -> C:\Windows\System32\nihlsp.dll -> [2010/04/23 13:20:01 | 000,069,632 | ---- | C] (iomart Ltd)
Macromedia -> C:\Users\Parent\AppData\Roaming\Macromedia -> [2010/04/23 13:08:39 | 000,000,000 | ---D | C]
Adobe -> C:\Users\Parent\AppData\Roaming\Adobe -> [2010/04/23 12:50:20 | 000,000,000 | ---D | C]
Recovery -> C:\Recovery -> [2010/04/23 12:40:08 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Parent\NTUSER.DAT -> [2010/05/11 08:38:56 | 002,097,152 | -HS- | M] ()
kgpfr2.cfg -> C:\Windows\System32\drivers\kgpfr2.cfg -> [2010/05/11 08:38:43 | 000,000,080 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/11 08:27:56 | 000,009,712 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/11 08:27:56 | 000,009,712 | -H-- | M] ()
AWC AutoSweep.job -> C:\Windows\tasks\AWC AutoSweep.job -> [2010/05/11 08:22:03 | 000,000,378 | ---- | M] ()
AWC Startup.job -> C:\Windows\tasks\AWC Startup.job -> [2010/05/11 08:20:31 | 000,000,372 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/11 08:20:14 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/11 08:19:52 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/11 08:19:45 | 749,420,544 | -HS- | M] ()
Amazon Adventure.lnk -> C:\Users\Parent\Desktop\Amazon Adventure.lnk -> [2010/05/10 23:17:36 | 000,001,240 | ---- | M] ()
IconCache.db -> C:\Users\Parent\AppData\Local\IconCache.db -> [2010/05/10 23:03:35 | 002,084,315 | -H-- | M] ()
srvmon.startuplog -> C:\Windows\System32\srvmon.startuplog -> [2010/05/10 22:44:36 | 000,012,368 | ---- | M] ()
SZKGFS.dat -> C:\SZKGFS.dat -> [2010/05/10 21:29:01 | 000,086,016 | -H-- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/05/10 21:20:34 | 000,000,215 | ---- | M] ()
PROCEXP113.SYS -> C:\Windows\System32\drivers\PROCEXP113.SYS -> [2010/05/10 21:04:35 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com)
kaspersky log.html -> C:\Users\Parent\Desktop\kaspersky log.html -> [2010/05/10 20:36:01 | 000,003,283 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/05/10 16:25:18 | 000,805,724 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/05/10 16:25:18 | 000,684,954 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/05/10 16:25:18 | 000,132,194 | ---- | M] ()
Spyware Terminator.lnk -> C:\Users\Public\Desktop\Spyware Terminator.lnk -> [2010/05/09 23:27:46 | 000,001,080 | ---- | M] ()
sp_rsdrv2.sys -> C:\Windows\System32\drivers\sp_rsdrv2.sys -> [2010/05/09 23:23:50 | 000,142,592 | ---- | M] ()
µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2010/05/09 18:46:25 | 000,000,913 | ---- | M] ()
Play Chameleon Gems.lnk -> C:\Users\Parent\Desktop\Play Chameleon Gems.lnk -> [2010/05/09 16:01:11 | 000,001,986 | ---- | M] ()
MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation)
Space Bubbles.lnk -> C:\Users\Parent\Desktop\Space Bubbles.lnk -> [2010/05/01 15:37:51 | 000,001,204 | ---- | M] ()
GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2010/04/29 16:48:06 | 000,000,064 | ---- | M] ()
More Great Games.lnk -> C:\Users\Parent\Desktop\More Great Games.lnk -> [2010/04/28 21:22:27 | 000,001,889 | ---- | M] ()
More SpinTop Games.url -> C:\Users\Parent\Desktop\More SpinTop Games.url -> [2010/04/27 10:30:36 | 000,000,164 | ---- | M] ()
Music - Shortcut.lnk -> C:\Users\Parent\Desktop\Music - Shortcut.lnk -> [2010/04/27 00:06:37 | 000,001,106 | ---- | M] ()
Videos - Shortcut.lnk -> C:\Users\Parent\Desktop\Videos - Shortcut.lnk -> [2010/04/27 00:06:26 | 000,001,113 | ---- | M] ()
y5-square_numbers.pdf -> C:\Users\Public\Documents\y5-square_numbers.pdf -> [2010/04/26 17:40:03 | 000,077,552 | ---- | M] ()
Advanced SystemCare.lnk -> C:\Users\Public\Desktop\Advanced SystemCare.lnk -> [2010/04/24 21:03:18 | 000,001,179 | ---- | M] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2010/04/24 19:31:55 | 000,000,000 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2010/04/24 19:31:46 | 000,001,885 | ---- | M] ()
ivireg.ivr -> C:\Windows\System32\ivireg.ivr -> [2010/04/23 20:38:40 | 000,000,040 | -H-- | M] ()
license.rtf -> C:\Windows\System32\license.rtf -> [2010/04/23 20:38:33 | 000,040,833 | ---- | M] ()
Real Mahjong.lnk -> C:\Users\Parent\Desktop\Real Mahjong.lnk -> [2010/04/23 14:21:05 | 000,001,197 | ---- | M] ()
Paint.NET.lnk -> C:\Users\Public\Desktop\Paint.NET.lnk -> [2010/04/23 13:33:46 | 000,001,180 | ---- | M] ()
Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/04/23 13:20:48 | 000,001,035 | ---- | M] ()
Netintelligence.url -> C:\Users\Public\Desktop\Netintelligence.url -> [2010/04/23 12:49:15 | 000,000,163 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Parent\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/23 12:43:13 | 000,064,336 | ---- | M] ()
ExentInfo.exe -> C:\Windows\ExentInfo.exe -> [2010/04/11 21:15:54 | 000,053,314 | ---- | M] (Exent Technologies Ltd.)

[Files - No Company Name]
Amazon Adventure.lnk -> C:\Users\Parent\Desktop\Amazon Adventure.lnk -> [2010/05/10 23:17:36 | 000,001,240 | ---- | C] ()
SZKGFS.dat -> C:\SZKGFS.dat -> [2010/05/10 21:29:01 | 000,086,016 | -H-- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/05/10 21:03:11 | 000,256,512 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/05/10 21:03:11 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/05/10 21:03:11 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/05/10 21:03:11 | 000,068,096 | ---- | C] ()
kaspersky log.html -> C:\Users\Parent\Desktop\kaspersky log.html -> [2010/05/10 20:36:01 | 000,003,283 | ---- | C] ()
IconCache.db -> C:\Users\Parent\AppData\Local\IconCache.db -> [2010/05/10 12:20:43 | 002,084,315 | -H-- | C] ()
Spyware Terminator.lnk -> C:\Users\Public\Desktop\Spyware Terminator.lnk -> [2010/05/09 23:27:46 | 000,001,080 | ---- | C] ()
sp_rsdrv2.sys -> C:\Windows\System32\drivers\sp_rsdrv2.sys -> [2010/05/09 23:23:50 | 000,142,592 | ---- | C] ()
µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2010/05/09 18:46:25 | 000,000,913 | ---- | C] ()
Play Chameleon Gems.lnk -> C:\Users\Parent\Desktop\Play Chameleon Gems.lnk -> [2010/05/08 18:42:11 | 000,001,986 | ---- | C] ()
Space Bubbles.lnk -> C:\Users\Parent\Desktop\Space Bubbles.lnk -> [2010/05/01 15:37:51 | 000,001,204 | ---- | C] ()
FRGT.ico -> C:\Windows\FRGT.ico -> [2010/04/29 16:48:06 | 000,037,033 | ---- | C] ()
GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2010/04/29 16:48:06 | 000,000,064 | ---- | C] ()
More Great Games.lnk -> C:\Users\Parent\Desktop\More Great Games.lnk -> [2010/04/28 21:22:27 | 000,001,889 | ---- | C] ()
Music - Shortcut.lnk -> C:\Users\Parent\Desktop\Music - Shortcut.lnk -> [2010/04/27 00:06:37 | 000,001,106 | ---- | C] ()
Videos - Shortcut.lnk -> C:\Users\Parent\Desktop\Videos - Shortcut.lnk -> [2010/04/27 00:06:26 | 000,001,113 | ---- | C] ()
y5-square_numbers.pdf -> C:\Users\Public\Documents\y5-square_numbers.pdf -> [2010/04/26 17:41:23 | 000,077,552 | ---- | C] ()
More SpinTop Games.url -> C:\Users\Parent\Desktop\More SpinTop Games.url -> [2010/04/25 13:37:14 | 000,000,164 | ---- | C] ()
AWC AutoSweep.job -> C:\Windows\tasks\AWC AutoSweep.job -> [2010/04/24 21:09:34 | 000,000,378 | ---- | C] ()
AWC Startup.job -> C:\Windows\tasks\AWC Startup.job -> [2010/04/24 21:03:26 | 000,000,372 | ---- | C] ()
Advanced SystemCare.lnk -> C:\Users\Public\Desktop\Advanced SystemCare.lnk -> [2010/04/24 21:03:18 | 000,001,179 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2010/04/24 19:31:55 | 000,000,000 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2010/04/24 19:31:46 | 000,001,885 | ---- | C] ()
ivireg.ivr -> C:\Windows\System32\ivireg.ivr -> [2010/04/23 20:38:39 | 000,000,040 | -H-- | C] ()
Real Mahjong.lnk -> C:\Users\Parent\Desktop\Real Mahjong.lnk -> [2010/04/23 14:21:05 | 000,001,197 | ---- | C] ()
srvmon.startuplog -> C:\Windows\System32\srvmon.startuplog -> [2010/04/23 13:09:13 | 000,012,368 | ---- | C] ()
Netintelligence.url -> C:\Users\Public\Desktop\Netintelligence.url -> [2010/04/23 12:49:15 | 000,000,163 | ---- | C] ()
igfxtvcx.dll -> C:\Windows\System32\igfxtvcx.dll -> [2010/01/28 14:42:25 | 000,140,288 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 05:52:31 | 000,043,318 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 05:52:31 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 05:52:31 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 05:52:31 | 000,026,040 | ---- | C] ()
BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/14 00:51:43 | 000,073,728 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/14 00:42:10 | 000,064,000 | ---- | C] ()
EELSCore.dll -> C:\Windows\System32\EELSCore.dll -> [2009/07/14 00:15:50 | 000,180,224 | ---- | C] ()

[File - Lop Check]
Arkadium -> C:\Users\Parent\AppData\Roaming\Arkadium -> [2010/05/09 18:06:46 | 000,000,000 | ---D | M]
Exent Technologies -> C:\Users\Parent\AppData\Roaming\Exent Technologies -> [2010/04/29 19:21:07 | 000,000,000 | ---D | M]
GameHouse -> C:\Users\Parent\AppData\Roaming\GameHouse -> [2010/04/27 21:26:38 | 000,000,000 | ---D | M]
IObit -> C:\Users\Parent\AppData\Roaming\IObit -> [2010/05/09 21:55:24 | 000,000,000 | ---D | M]
Righteous Kill -> C:\Users\Parent\AppData\Roaming\Righteous Kill -> [2010/05/08 03:43:50 | 000,000,000 | ---D | M]
Sahmon Games -> C:\Users\Parent\AppData\Roaming\Sahmon Games -> [2010/04/28 22:01:23 | 000,000,000 | ---D | M]
SpinTop -> C:\Users\Parent\AppData\Roaming\SpinTop -> [2010/04/25 13:36:51 | 000,000,000 | ---D | M]
Spyware Terminator -> C:\Users\Parent\AppData\Roaming\Spyware Terminator -> [2010/05/10 21:26:53 | 000,000,000 | ---D | M]
Texthelp Systems -> C:\Users\Parent\AppData\Roaming\Texthelp Systems -> [2010/04/23 13:41:57 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\Parent\AppData\Roaming\uTorrent -> [2010/05/09 20:28:01 | 000,000,000 | ---D | M]
AWC AutoSweep.job -> C:\Windows\Tasks\AWC AutoSweep.job -> [2010/05/11 08:22:03 | 000,000,378 | ---- | M] ()
AWC Startup.job -> C:\Windows\Tasks\AWC Startup.job -> [2010/05/11 08:20:31 | 000,000,372 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 05:53:46 | 000,016,750 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
dxtmsft.dll : Unable to obtain MD5 -> C:\Windows\System32\dxtmsft.dll -> [2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation)
dxtrans.dll : Unable to obtain MD5 -> C:\Windows\System32\dxtrans.dll -> [2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation)
LocationApi.dll : Unable to obtain MD5 -> C:\Windows\System32\LocationApi.dll -> [2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\System32\*.sys >
ANSI.SYS -> C:\Windows\System32\ANSI.SYS -> [2009/07/13 22:40:41 | 000,009,029 | ---- | M] ()
clfs.sys -> C:\Windows\System32\clfs.sys -> [2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation)
country.sys -> C:\Windows\System32\country.sys -> [2009/07/13 22:40:44 | 000,027,097 | ---- | M] ()
HIMEM.SYS -> C:\Windows\System32\HIMEM.SYS -> [2009/07/13 22:40:40 | 000,004,768 | ---- | M] ()
KEY01.SYS -> C:\Windows\System32\KEY01.SYS -> [2009/07/13 22:40:43 | 000,042,809 | ---- | M] ()
KEYBOARD.SYS -> C:\Windows\System32\KEYBOARD.SYS -> [2009/07/13 22:40:43 | 000,042,537 | ---- | M] ()
NTDOS.SYS -> C:\Windows\System32\NTDOS.SYS -> [2009/07/13 22:40:23 | 000,027,866 | ---- | M] ()
NTDOS404.SYS -> C:\Windows\System32\NTDOS404.SYS -> [2009/07/13 22:40:31 | 000,029,146 | ---- | M] ()
NTDOS411.SYS -> C:\Windows\System32\NTDOS411.SYS -> [2009/07/13 22:40:35 | 000,029,370 | ---- | M] ()
NTDOS412.SYS -> C:\Windows\System32\NTDOS412.SYS -> [2009/07/13 22:40:39 | 000,029,274 | ---- | M] ()
NTDOS804.SYS -> C:\Windows\System32\NTDOS804.SYS -> [2009/07/13 22:40:27 | 000,029,146 | ---- | M] ()
NTIO.SYS -> C:\Windows\System32\NTIO.SYS -> [2009/07/13 22:40:11 | 000,033,952 | ---- | M] ()
NTIO404.SYS -> C:\Windows\System32\NTIO404.SYS -> [2009/07/13 22:40:15 | 000,034,672 | ---- | M] ()
NTIO411.SYS -> C:\Windows\System32\NTIO411.SYS -> [2009/07/13 22:40:17 | 000,035,776 | ---- | M] ()
NTIO412.SYS -> C:\Windows\System32\NTIO412.SYS -> [2009/07/13 22:40:19 | 000,035,536 | ---- | M] ()
NTIO804.SYS -> C:\Windows\System32\NTIO804.SYS -> [2009/07/13 22:40:13 | 000,034,672 | ---- | M] ()
win32k.sys -> C:\Windows\System32\win32k.sys -> [2009/07/14 00:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation)
< %systemroot%\System32\drivers\*.dll >
< %systemroot%\System32\drivers\*.ini >
< %systemroot%\System32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
autoexec.bat -> C:\autoexec.bat -> [2009/06/10 22:42:20 | 000,000,024 | ---- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/12/05 02:34:12 | 000,008,192 | RHS- | M] ()
ComboFix.txt -> C:\ComboFix.txt -> [2010/05/10 21:25:04 | 000,023,120 | ---- | M] ()
config.sys -> C:\config.sys -> [2009/06/10 22:42:20 | 000,000,010 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/11 08:19:45 | 749,420,544 | -HS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2010/05/11 08:19:50 | 1073,741,824 | -HS- | M] ()
SZKGFS.dat -> C:\SZKGFS.dat -> [2010/05/10 21:29:01 | 000,086,016 | -H-- | M] ()
vcredist_x86.log -> C:\vcredist_x86.log -> [2010/01/28 14:44:47 | 000,468,926 | ---- | M] ()
< %PROGRAMFILES%\*. >
Acer -> C:\Program Files\Acer -> [2009/12/05 04:41:30 | 000,000,000 | ---D | M]
Adobe -> C:\Program Files\Adobe -> [2009/12/05 04:08:08 | 000,000,000 | ---D | M]
Ask.com -> C:\Program Files\Ask.com -> [2010/05/09 18:46:42 | 000,000,000 | ---D | M]
BECTA -> C:\Program Files\BECTA -> [2010/01/28 22:33:19 | 000,000,000 | ---D | M]
COMET GUIDE -> C:\Program Files\COMET GUIDE -> [2009/12/11 05:12:13 | 000,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2010/05/10 21:14:49 | 000,000,000 | ---D | M]
CONEXANT -> C:\Program Files\CONEXANT -> [2009/12/05 02:53:49 | 000,000,000 | ---D | M]
Crawler -> C:\Program Files\Crawler -> [2010/05/09 23:24:19 | 000,000,000 | ---D | M]
DVD Maker -> C:\Program Files\DVD Maker -> [2009/07/14 08:50:43 | 000,000,000 | ---D | M]
Google -> C:\Program Files\Google -> [2010/04/27 21:27:10 | 000,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2010/04/29 16:47:30 | 000,000,000 | -H-D | M]
Intel -> C:\Program Files\Intel -> [2010/01/28 14:42:23 | 000,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2010/04/24 18:41:57 | 000,000,000 | ---D | M]
InterVideo -> C:\Program Files\InterVideo -> [2010/01/28 14:47:21 | 000,000,000 | ---D | M]
IObit -> C:\Program Files\IObit -> [2010/04/24 21:03:10 | 000,000,000 | ---D | M]
Issist -> C:\Program Files\Issist -> [2009/12/05 04:12:12 | 000,000,000 | ---D | M]
Java -> C:\Program Files\Java -> [2010/04/26 17:30:21 | 000,000,000 | ---D | M]
KNOWITALL -> C:\Program Files\KNOWITALL -> [2009/12/05 02:33:06 | 000,000,000 | ---D | M]
Launch Manager -> C:\Program Files\Launch Manager -> [2009/12/05 03:00:31 | 000,000,000 | ---D | M]
MatchWare -> C:\Program Files\MatchWare -> [2009/12/05 04:11:17 | 000,000,000 | ---D | M]
Microsoft -> C:\Program Files\Microsoft -> [2010/04/23 15:38:08 | 000,000,000 | ---D | M]
Microsoft Expression -> C:\Program Files\Microsoft Expression -> [2009/12/05 05:04:32 | 000,000,000 | ---D | M]
Microsoft Office -> C:\Program Files\Microsoft Office -> [2009/12/05 04:35:23 | 000,000,000 | ---D | M]
Microsoft Office Outlook Connector -> C:\Program Files\Microsoft Office Outlook Connector -> [2010/04/23 15:38:01 | 000,000,000 | ---D | M]
Microsoft SDKs -> C:\Program Files\Microsoft SDKs -> [2009/12/05 05:02:52 | 000,000,000 | ---D | M]
Microsoft Security Essentials -> C:\Program Files\Microsoft Security Essentials -> [2010/04/23 13:21:28 | 000,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/04/24 18:30:18 | 000,000,000 | ---D | M]
Microsoft SQL Server -> C:\Program Files\Microsoft SQL Server -> [2009/12/05 04:55:00 | 000,000,000 | ---D | M]
Microsoft SQL Server Compact Edition -> C:\Program Files\Microsoft SQL Server Compact Edition -> [2009/12/05 04:52:03 | 000,000,000 | ---D | M]
Microsoft Sync Framework -> C:\Program Files\Microsoft Sync Framework -> [2009/12/05 04:16:05 | 000,000,000 | ---D | M]
Microsoft Synchronization Services -> C:\Program Files\Microsoft Synchronization Services -> [2009/12/05 04:52:04 | 000,000,000 | ---D | M]
Microsoft Visual Studio -> C:\Program Files\Microsoft Visual Studio -> [2009/12/05 04:35:22 | 000,000,000 | ---D | M]
Microsoft Visual Studio 8 -> C:\Program Files\Microsoft Visual Studio 8 -> [2009/12/05 05:01:41 | 000,000,000 | ---D | M]
Microsoft Visual Studio 9.0 -> C:\Program Files\Microsoft Visual Studio 9.0 -> [2009/12/05 04:57:14 | 000,000,000 | ---D | M]
Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/12/05 05:07:43 | 000,000,000 | ---D | M]
Microsoft XNA -> C:\Program Files\Microsoft XNA -> [2009/12/05 04:59:28 | 000,000,000 | ---D | M]
Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2009/12/05 04:53:53 | 000,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2010/04/27 21:27:16 | 000,000,000 | ---D | M]
MSBuild -> C:\Program Files\MSBuild -> [2009/07/14 05:52:30 | 000,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/05 04:46:14 | 000,000,000 | ---D | M]
MyRealGames.com -> C:\Program Files\MyRealGames.com -> [2010/05/10 23:17:30 | 000,000,000 | ---D | M]
Netintelligence Home -> C:\Program Files\Netintelligence Home -> [2010/05/11 08:42:30 | 000,000,000 | ---D | M]
NewTech Infosystems -> C:\Program Files\NewTech Infosystems -> [2009/12/05 04:44:43 | 000,000,000 | ---D | M]
Paint.NET -> C:\Program Files\Paint.NET -> [2010/04/23 13:33:37 | 000,000,000 | ---D | M]
PuzzleInlay_at -> C:\Program Files\PuzzleInlay_at -> [2010/04/28 21:54:23 | 000,000,000 | ---D | M]
Read&Write -> C:\Program Files\Read&Write -> [2009/12/05 04:08:51 | 000,000,000 | ---D | M]
Realtek -> C:\Program Files\Realtek -> [2009/12/05 02:57:23 | 000,000,000 | ---D | M]
Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2009/07/14 05:52:30 | 000,000,000 | ---D | M]
Scansoft -> C:\Program Files\Scansoft -> [2009/12/05 04:09:39 | 000,000,000 | ---D | M]
Spyware Terminator -> C:\Program Files\Spyware Terminator -> [2010/05/10 18:03:50 | 000,000,000 | ---D | M]
STOPzilla! -> C:\Program Files\STOPzilla! -> [2010/05/09 22:16:09 | 000,000,000 | ---D | M]
Synaptics -> C:\Program Files\Synaptics -> [2009/12/05 03:12:13 | 000,000,000 | ---D | M]
Texthelp Systems -> C:\Program Files\Texthelp Systems -> [2009/12/05 04:09:39 | 000,000,000 | ---D | M]
TTMessenger -> C:\Program Files\TTMessenger -> [2010/05/05 17:27:51 | 000,000,000 | ---D | M]
Uninstall Information -> C:\Program Files\Uninstall Information -> [2009/07/14 05:53:23 | 000,000,000 | -H-D | M]
uTorrent -> C:\Program Files\uTorrent -> [2010/05/09 18:46:24 | 000,000,000 | ---D | M]
Windows Defender -> C:\Program Files\Windows Defender -> [2009/07/14 05:56:49 | 000,000,000 | ---D | M]
Windows Journal -> C:\Program Files\Windows Journal -> [2009/07/14 08:50:32 | 000,000,000 | ---D | M]
Windows Live -> C:\Program Files\Windows Live -> [2010/04/23 15:37:37 | 000,000,000 | ---D | M]
Windows Live SkyDrive -> C:\Program Files\Windows Live SkyDrive -> [2009/12/05 04:14:23 | 000,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/07/14 05:56:49 | 000,000,000 | ---D | M]
Windows Media Player -> C:\Program Files\Windows Media Player -> [2009/12/05 02:47:14 | 000,000,000 | ---D | M]
Windows NT -> C:\Program Files\Windows NT -> [2009/07/14 05:52:30 | 000,000,000 | ---D | M]
Windows Photo Viewer -> C:\Program Files\Windows Photo Viewer -> [2009/07/14 05:56:49 | 000,000,000 | ---D | M]
Windows Portable Devices -> C:\Program Files\Windows Portable Devices -> [2009/07/14 05:52:32 | 000,000,000 | ---D | M]
Windows Sidebar -> C:\Program Files\Windows Sidebar -> [2009/07/14 05:56:49 | 000,000,000 | ---D | M]
WPF Toolkit -> C:\Program Files\WPF Toolkit -> [2009/12/05 05:03:05 | 000,000,000 | ---D | M]
< %appdata%\*.* >

[Alternate Data Streams]
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4D71580D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0EB34B30
< End of report >
[/code]