Problem - Please Help

[SCHC]

Code: [Select]

OTS logfile created on: 3/17/2010 12:25:18 AM - Run 1
OTS by OldTimer - Version 3.1.27.0     Folder = C:\Documents and Settings\Me\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 80.05 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STEVE
Current User Name: Me
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
oacat.exe -> C:\Program Files\Tall Emu\Online Armor\oacat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
oem02mon.exe -> C:\WINDOWS\OEM02Mon.exe -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
pcmservice.exe -> C:\Program Files\DELL\MediaDirect\PCMService.exe -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
wlkeeper.exe -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2007/02/21 11:13:26 | 000,487,424 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
kadxmain.exe -> C:\WINDOWS\system32\KADxMain.exe -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(SvcOnlineArmor) Online Armor [Auto | Stopped] -> C:\Program Files\Tall Emu\Online Armor\oasrv.exe -> [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu)
(OAcat) Online Armor Helper Service [Auto | Running] -> C:\Program Files\Tall Emu\Online Armor\OAcat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(aawservice) Ad-Aware 2007 Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
(EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(OAmon) OAmon [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAmon.sys -> [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu)
(OAnet) OAnet [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAnet.sys -> [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd)
(OADevice) OADriver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\OADriver.sys -> [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.)
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Dev.sys -> [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007/05/08 23:05:36 | 002,203,520 | ---- | M] (Intel Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.)
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Vfx.sys -> [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation)
(DXEC02) DXEC02 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dxec02.sys -> [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://news.yahoo.com/ [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Start Page" -> http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Me\Application Data\Mozilla\FireFox\Profiles\xs21qfhi.default\prefs.js ->
browser.startup.homepage -> "http://law.wustl.edu/" ->
extensions.enabledItems -> [email protected]:1.0.0.071101000055 ->
extensions.enabledItems -> [email protected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/02 12:26:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/03/03 18:07:10 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Extensions -> [2008/08/26 16:07:50 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[email protected] -> [2008/09/20 21:10:18 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[email protected] -> [2009/09/14 07:21:38 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/03/09 15:09:37 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"@OnlineArmor GUI" -> C:\Program Files\Tall Emu\Online Armor\oaui.exe ["C:\Program Files\Tall Emu\Online Armor\oaui.exe"] -> [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"awurstdrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"hgfcdasys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
"IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
"KADxMain" -> C:\WINDOWS\system32\KADxMain.exe [C:\WINDOWS\system32\KADxMain.exe] -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/06/06 15:34:42 | 008,429,568 | ---- | M] (NVIDIA Corporation)
"NVHotkey" -> C:\WINDOWS\System32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> [2007/06/06 15:34:54 | 000,067,584 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> [2007/06/06 15:34:56 | 000,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet] -> [2007/06/06 15:35:12 | 001,626,112 | ---- | M] ()
"OEM02Mon.exe" -> C:\WINDOWS\OEM02Mon.exe [C:\WINDOWS\OEM02Mon.exe] -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Me Startup Folder > -> C:\Documents and Settings\Me\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/05 12:11:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4393 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [Windows Live Safety Center Base Module] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{286109AB-BCDA-4BB4-BB4B-CFEB2A546527}\\DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2   (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 20:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
"{4F07DA45-8170-4859-9B5F-037EF2970034}" [HKLM] -> C:\Program Files\Tall Emu\Online Armor\oaevent.dll [OA Shell Helper] -> [2009/12/05 08:53:40 | 000,923,336 | ---- | M] (Tall Emu)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2007/04/27 16:17:26 | 000,050,736 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/10/10 12:53:46 | 000,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\DELL\MediaDirect\PCMService.exe" -> C:\Program Files\DELL\MediaDirect\PCMService.exe [C:\Program Files\DELL\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"C:\Program Files\ExamSoft\SofTest\softest.exe" -> C:\Program Files\ExamSoft\SofTest.exe [C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
] -> File not found
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" -> C:\Program Files\ExamSoft\SoftLnch.exe [C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/10/28 21:21:22 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 07:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 23:16:44 | 001,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[SCHC]

 
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 19:09:57 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 19:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 19:11:54 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 07:18:50 | 000,172,880 | ---- | M] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 07:03:38 | 003,070,832 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 07:03:28 | 002,687,336 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 04:01:06 | 002,335,648 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 05:26:06 | 000,065,400 | ---- | M] (Microsoft Corporation)
{88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files\AIM6\services\imApp\ver6_1_41_2\isAim.dll [aimlocator Class] -> [2007/04/27 16:15:23 | 000,083,504 | ---- | M] (America Online Inc)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2010/03/03 18:06:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 07:03:54 | 001,161,568 | ---- | M] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 05:23:50 | 000,022,432 | ---- | M] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 06:42:16 | 000,482,656 | ---- | M] ()
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F3FFF5F4-A643-447E-A5A5-0B5F760C7F4A} [HKLM] -> C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/02/25 01:42:15 | 000,220,656 | ---- | M] (Google Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCD3-666F-4F81-8B69-745DE9F6D897} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{0006F033-0000-0000-C000-000000000046} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [Microsoft Outlook 8.0 Object Library] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
{0006F03A-0000-0000-C000-000000000046} [HKLM] -> Reg Error: Value error. [Microsoft Office Outlook] -> File not found
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Script Object] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{10072CEC-8CC1-11D1-986E-00A0C955B42E} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll [PeerDraw Class] -> [2007/07/12 18:31:54 | 000,765,952 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 17:27:12 | 000,128,512 | ---- | M] (Microsoft Corporation)
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{38481807-CA0E-42D2-BF39-B33AF135CC4D} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL [IETag Factory] -> [2009/04/02 13:01:44 | 000,177,520 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> C:\WINDOWS\Downloaded Program Files\wlscBase.dll [Windows Live Safety Center Base Module] -> [2009/03/16 14:01:08 | 000,452,488 | ---- | M] ()
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} [HKLM] -> C:\Program Files\Windows Live Safety Center\wlscCtrl.dll [Windows Live Safety Center Control Module] -> [2009/03/16 14:01:10 | 000,753,544 | ---- | M] (Microsoft Corporation)
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2009/09/05 02:55:06 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F4430FE8-2638-42E5-B849-800749B94EED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 19:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp ->  -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:43 | 000,637,952 | ---- | C] (OldTimer Tools)
 radix_installer -> C:\Documents and Settings\Me\Desktop\radix_installer -> [2010/03/14 17:12:54 | 000,000,000 | ---D | C]
 moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 17:13:44 | 003,558,912 | ---- | C] (Microsoft Corporation)
 ComboFix -> C:\ComboFix -> [2010/03/09 15:54:33 | 000,000,000 | --SD | C]
 temp -> C:\WINDOWS\temp -> [2010/03/09 15:06:52 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2010/03/09 14:59:06 | 000,000,000 | -HSD | C]
 cmdcons -> C:\cmdcons -> [2010/03/09 01:04:57 | 000,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/03/09 01:02:35 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/03/09 01:02:35 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/03/09 01:02:35 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/03/09 01:02:35 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010/03/09 01:02:26 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/03/09 01:01:50 | 000,000,000 | ---D | C]
 Rooter$ -> C:\Rooter$ -> [2010/03/05 01:36:01 | 000,000,000 | ---D | C]
 Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:31 | 000,173,119 | ---- | C] (Eric_71)
 MalwareBytes -> C:\Program Files\MalwareBytes -> [2010/03/03 22:21:55 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2010/03/03 22:04:51 | 000,000,000 | ---D | M]
 Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/03 18:07:39 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/03/03 16:00:28 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
 Recent -> C:\Documents and Settings\Me\Recent -> [2010/03/03 15:36:16 | 000,000,000 | RH-D | C]
 OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
 OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
 OAnet.sys -> C:\WINDOWS\System32\drivers\OAnet.sys -> [2010/03/03 15:18:55 | 000,029,776 | ---- | C] (Tall Emu Pty Ltd)
 OAmon.sys -> C:\WINDOWS\System32\drivers\OAmon.sys -> [2010/03/03 15:18:55 | 000,024,656 | ---- | C] (Tall Emu)
 OADriver.sys -> C:\WINDOWS\System32\drivers\OADriver.sys -> [2010/03/03 15:18:54 | 000,223,312 | ---- | C] (Tall Emu)
 Tall Emu -> C:\Program Files\Tall Emu -> [2010/03/03 15:18:53 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2010/03/03 12:49:08 | 000,000,000 | ---D | C]
 avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/03/02 21:30:21 | 000,096,104 | ---- | C] (Avira GmbH)
 avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/03/02 21:30:21 | 000,056,816 | ---- | C] (Avira GmbH)
 avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/03/02 21:30:21 | 000,045,416 | ---- | C] (Avira GmbH)
 avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/03/02 21:30:21 | 000,022,360 | ---- | C] (Avira GmbH)
 ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/03/02 21:30:18 | 000,028,520 | ---- | C] (Avira GmbH)
 Avira -> C:\Program Files\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
 Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
 mapp -> C:\Program Files\mapp -> [2010/03/02 21:01:51 | 000,000,000 | ---D | C]
 Downloads -> C:\Documents and Settings\Me\My Documents\Downloads -> [2010/01/25 21:51:56 | 000,000,000 | ---D | C]
 ymrpyb -> C:\Documents and Settings\Me\Local Settings\Application Data\ymrpyb -> [2010/01/22 03:12:43 | 000,000,000 | ---D | C]
 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 10:22:10 | 000,471,552 | ---- | C] (Microsoft Corporation)
 Randoms -> C:\Documents and Settings\Me\My Documents\Randoms -> [2010/01/11 18:46:49 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/01 07:37:13 | 000,000,000 | ---D | M]
 Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/04/19 11:57:28 | 000,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/03/12 23:25:30 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/11/25 11:04:48 | 000,000,000 | ---D | M]
 PCHealth -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth -> [2008/03/19 11:23:34 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2007/12/02 21:30:20 | 000,000,000 | --SD | M]
 Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/08/31 10:22:00 | 000,000,000 | ---D | M]
 Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
 Intel -> C:\Documents and Settings\LocalService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/08/10 12:57:26 | 000,000,000 | --SD | M]
 Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( )
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[SCHC]

Code: [Select]


[Files/Folders - Modified Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
 nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010/03/17 00:10:55 | 000,091,562 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/16 17:47:01 | 000,000,886 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/16 17:17:00 | 000,436,778 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/16 17:17:00 | 000,378,878 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/16 17:17:00 | 000,052,450 | ---- | M] ()
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/16 17:12:40 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/16 17:12:36 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/16 17:12:24 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/16 17:12:15 | 2145,579,008 | -HS- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Me\NTUSER.DAT -> [2010/03/16 17:11:39 | 005,767,168 | -H-- | M] ()
 IconCache.db -> C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db -> [2010/03/16 17:11:23 | 006,291,456 | -H-- | M] ()
 SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:49 | 000,100,908 | ---- | M] ()
 radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:30 | 000,216,498 | ---- | M] ()
 Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/03/10 00:23:47 | 000,013,345 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/03/09 15:09:37 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 14:58:05 | 003,884,919 | R--- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/03/09 11:47:07 | 000,000,664 | ---- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010/03/09 01:11:15 | 000,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/03/09 01:05:02 | 000,000,281 | RHS- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | M] ()
 mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:29 | 000,077,312 | ---- | M] ()
 Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:18 | 000,047,616 | ---- | M] ()
 Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:14 | 000,013,251 | ---- | M] ()
 CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:03 | 000,451,584 | ---- | M] ()
 LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:58 | 000,032,653 | ---- | M] ()
 Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:37 | 000,173,119 | ---- | M] (Eric_71)
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/03 21:20:16 | 000,000,284 | ---- | M] ()
 hosts.idx -> C:\WINDOWS\System32\drivers\etc\hosts.idx -> [2010/03/03 15:19:40 | 000,001,644 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Me\ntuser.ini -> [2010/03/03 04:31:00 | 000,000,178 | -HS- | M] ()
 March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | M] ()
 MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation)
 Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | M] ()
 Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | M] ()
 To Do.docx -> C:\Documents and Settings\Me\My Documents\To Do.docx -> [2010/02/10 11:47:55 | 000,011,054 | ---- | M] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | M] ()
 90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | M] ()
 MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | M] ()
 nvModes.dat -> C:\WINDOWS\System32\nvModes.dat -> [2010/01/21 16:41:51 | 000,091,562 | ---- | M] ()
 Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/19 02:40:58 | 000,009,823 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 17:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
 wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/01/05 05:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation)
 urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/01/05 05:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation)
 mstime.dll -> C:\WINDOWS\System32\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
 mstime.dll -> C:\WINDOWS\System32\dllcache\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
 webcheck.dll -> C:\WINDOWS\System32\dllcache\webcheck.dll -> [2010/01/05 05:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\WINDOWS\System32\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\WINDOWS\System32\dllcache\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2010/01/05 05:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\WINDOWS\System32\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\WINDOWS\System32\dllcache\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\WINDOWS\System32\dllcache\mshtmled.dll -> [2010/01/05 05:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\WINDOWS\System32\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\WINDOWS\System32\dllcache\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/01/05 05:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
 iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2010/01/05 05:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\WINDOWS\System32\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\WINDOWS\System32\dllcache\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
 ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2010/01/05 05:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\WINDOWS\System32\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\WINDOWS\System32\dllcache\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\WINDOWS\System32\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\WINDOWS\System32\dllcache\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\WINDOWS\System32\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\WINDOWS\System32\dllcache\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\WINDOWS\System32\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\WINDOWS\System32\dllcache\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
 extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation)
 ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
 ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
 icardie.dll -> C:\WINDOWS\System32\dllcache\icardie.dll -> [2010/01/05 05:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\WINDOWS\System32\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\WINDOWS\System32\dllcache\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
 advpack.dll -> C:\WINDOWS\System32\dllcache\advpack.dll -> [2010/01/05 05:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation)
 corpol.dll -> C:\WINDOWS\System32\dllcache\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
 corpol.dll -> C:\WINDOWS\System32\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
 srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\WINDOWS\System32\html.iec -> [2009/12/31 10:33:27 | 000,389,120 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
 ieudinit.exe -> C:\WINDOWS\System32\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
 ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/19 23:56:30 | 000,002,206 | ---- | M] ()
 msrecovery.cfc -> C:\Documents and Settings\All Users\msrecovery.cfc -> [2009/12/18 12:19:14 | 000,000,034 | ---- | M] ()
 iexplore.exe -> C:\WINDOWS\System32\dllcache\iexplore.exe -> [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\WINDOWS\System32\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\WINDOWS\System32\dllcache\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files - No Company Name]
 SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:48 | 000,100,908 | ---- | C] ()
 radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:28 | 000,216,498 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2010/03/09 01:05:02 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/03/09 01:04:58 | 000,260,272 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/03/09 01:02:35 | 000,261,632 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/03/09 01:02:35 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/03/09 01:02:35 | 000,080,412 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/03/09 01:02:35 | 000,077,312 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/03/09 01:02:35 | 000,068,096 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 00:56:36 | 003,884,919 | R--- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | C] ()
 mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:28 | 000,077,312 | ---- | C] ()
 Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:17 | 000,047,616 | ---- | C] ()
 Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:13 | 000,013,251 | ---- | C] ()
 CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:02 | 000,451,584 | ---- | C] ()
 LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:57 | 000,032,653 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/03 11:37:29 | 2145,579,008 | -HS- | C] ()
 March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | C] ()
 Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/02/20 17:24:21 | 000,013,345 | ---- | C] ()
 Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | C] ()
 Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | C] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | C] ()
 90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | C] ()
 MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | C] ()
 Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/18 21:06:06 | 000,009,823 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2007/12/12 19:39:28 | 000,000,127 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007/08/06 07:15:47 | 000,000,061 | ---- | C] ()
 _psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2007/08/06 07:13:45 | 000,198,144 | ---- | C] ()
 rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2007/08/06 06:45:55 | 000,016,480 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007/08/06 06:45:17 | 001,703,936 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007/08/06 06:45:17 | 001,019,904 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007/08/06 06:45:16 | 001,474,560 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007/08/06 06:45:16 | 000,466,944 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2007/08/06 06:44:15 | 000,001,118 | ---- | C] ()
 ESxUtil.dll -> C:\WINDOWS\System32\ESxUtil.dll -> [2005/08/10 11:56:00 | 000,028,672 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 Co2c40en.dll -> C:\WINDOWS\System32\Co2c40en.dll -> [1996/11/18 01:00:00 | 000,748,160 | ---- | C] ()
 P2sodbc.dll -> C:\WINDOWS\System32\P2sodbc.dll -> [1996/11/18 01:00:00 | 000,131,072 | ---- | C] ()
 P2irdao.dll -> C:\WINDOWS\System32\P2irdao.dll -> [1996/11/18 01:00:00 | 000,054,272 | ---- | C] ()
 P2ctdao.dll -> C:\WINDOWS\System32\P2ctdao.dll -> [1996/11/18 01:00:00 | 000,050,176 | ---- | C] ()
 P2bbnd.dll -> C:\WINDOWS\System32\P2bbnd.dll -> [1996/11/18 01:00:00 | 000,036,352 | ---- | C] ()
 fxtls432.dll -> C:\WINDOWS\System32\fxtls432.dll -> [1996/05/25 17:00:00 | 000,107,008 | ---- | C] ()
 
[File - Lop Check]
 Examsoft -> C:\Documents and Settings\All Users\Application Data\Examsoft -> [2009/12/18 12:19:14 | 000,000,000 | ---D | M]
 OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:39:38 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/10/07 11:03:45 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/03 16:36:26 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/07/09 00:17:03 | 000,000,000 | ---D | M]
 acccore -> C:\Documents and Settings\Me\Application Data\acccore -> [2007/08/31 16:22:54 | 000,000,000 | ---D | M]
 OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/09 16:21:57 | 000,000,000 | ---D | M]
 tmp -> C:\Documents and Settings\Me\Application Data\tmp -> [2009/09/15 13:37:51 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\Me\Application Data\Viewpoint -> [2007/10/07 11:03:47 | 000,000,000 | ---D | M]
 MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >


[Dr Jay]

This should get rid of those entries at startup.

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  Registry::
  [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "khefdadrv"=-
  "vtttstsys"=-
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

[SCHC]

ComboFix 10-03-20.01 - Me 03/20/2010  22:23:18.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Me\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

(((((((((((((((((((((((((   Files Created from 2010-02-21 to 2010-03-21  )))))))))))))))))))))))))))))))
.

2010-03-10 22:13 . 2009-10-23 15:28   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
2010-03-05 06:36 . 2010-03-05 06:36   --------   d-----w-   C:\Rooter$
2010-03-04 03:21 . 2010-03-06 23:21   --------   d-----w-   c:\program files\MalwareBytes
2010-03-03 23:07 . 2010-03-03 23:07   61440   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-sse.dll
2010-03-03 23:07 . 2010-03-03 23:07   503808   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcp71.dll
2010-03-03 23:07 . 2010-03-03 23:07   499712   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\jmc.dll
2010-03-03 23:07 . 2010-03-03 23:07   348160   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcr71.dll
2010-03-03 23:07 . 2010-03-03 23:07   12800   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-d3d.dll
2010-03-03 23:07 . 2010-03-03 23:06   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-03-03 21:01 . 2010-03-03 21:01   52224   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-03 21:01 . 2010-03-03 21:01   117760   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-03 21:00 . 2010-03-03 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2010-03-03 20:19 . 2010-03-09 21:21   --------   d-----w-   c:\documents and settings\Me\Application Data\OnlineArmor
2010-03-03 20:19 . 2010-03-03 20:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-03 20:18 . 2009-12-05 13:28   24656   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-03-03 20:18 . 2009-12-05 13:27   29776   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-03-03 20:18 . 2009-12-05 13:27   223312   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-03-03 20:18 . 2010-03-03 20:18   --------   d-----w-   c:\program files\Tall Emu
2010-03-03 17:49 . 2010-03-03 17:49   --------   d-----w-   c:\program files\CCleaner
2010-03-03 02:30 . 2009-11-25 17:19   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-03-03 02:30 . 2009-03-30 15:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-03-03 02:30 . 2009-02-13 17:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 02:30 . 2009-02-13 17:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\program files\Avira
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-03-03 02:01 . 2010-03-03 22:58   --------   d-----w-   c:\program files\mapp
2010-03-03 01:28 . 2010-03-03 01:28   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 18:19 . 2007-08-14 01:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 16:47 . 2008-03-09 01:17   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-03-07 16:41 . 2008-08-26 20:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-03-03 23:12 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Java
2010-03-03 23:07 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Common Files\Java
2010-03-03 20:58 . 2007-12-03 02:29   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-03 17:55 . 2007-12-03 05:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-24 15:16 . 2009-10-03 18:26   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-14 20:18 . 2007-08-14 02:23   --------   d-----w-   c:\program files\Google
2010-01-21 21:41 . 2007-08-06 11:51   91562   ----a-w-   c:\windows\system32\nvModes.dat
2010-01-21 13:54 . 2009-06-02 04:54   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-15 00:11 . 2008-09-19 02:31   5115824   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-08-26 20:16   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-08-26 20:16   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-10 17:51   832512   ------w-   c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 17:51   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:50   17408   ------w-   c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-10 17:51   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-06-09 16:29 . 2009-06-09 16:20   724952   ----a-w-   c:\program files\avenger.zip
2008-08-27 16:50 . 2008-08-27 16:50   1495112   ----a-w-   c:\program files\install_flash_player.exe
2008-08-26 21:07 . 2008-08-26 20:44   7499056   ----a-w-   c:\program files\Firefox Setup 3.0.1.exe
2008-08-12 23:14 . 2008-08-12 23:14   2367160   ----a-w-   c:\program files\LinksysWebConnectPC.exe
2008-07-06 20:16 . 2008-07-06 20:16   9390251   ----a-w-   c:\program files\vlc-0.8.6h-win32.exe
2008-01-04 03:10 . 2008-01-04 03:10   13413048   ----a-w-   c:\program files\Google_Earth_BZXD.exe
2007-08-30 12:08 . 2007-08-30 12:08   238450   ----a-w-   c:\program files\SecureW2_2kXP.exe
2007-08-27 12:43 . 2007-08-27 12:43   50009400   ----a-w-   c:\program files\iTunesSetup.exe
2007-08-06 12:09 . 2007-08-06 12:09   76   --sh--r-   c:\windows\CT4CET.bin
.

(((((((((((((((((((((((((((((   SnapShot@2010-03-09_06.11.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-16 22:12 . 2010-03-16 22:12   16384              c:\windows\temp\Perflib_Perfdata_704.dat
- 2007-08-06 12:13 . 2009-05-26 11:40   17272              c:\windows\system32\spmsg.dll
+ 2007-08-06 12:13 . 2008-07-08 13:02   17272              c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2010-03-16 22:17   52450              c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2010-03-03 22:55   52450              c:\windows\system32\perfc009.dat
+ 2010-03-19 13:47 . 2010-03-19 13:47   22528              c:\windows\Installer\da57593.msi
- 2007-08-14 02:02 . 2010-02-10 16:34   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-10 17:51 . 2010-03-03 22:55   378878              c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-03-16 22:17   378878              c:\windows\system32\perfh009.dat
+ 2007-08-14 02:02 . 2010-03-11 18:18   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-04 23:24 . 2010-02-04 23:24   9122304              c:\windows\Installer\7f458d0.msp
+ 2010-02-21 07:00 . 2010-02-21 07:00   8480768              c:\windows\Installer\7f458ba.msp
+ 2010-02-04 06:59 . 2010-02-04 06:59   5031936              c:\windows\Installer\7f458a4.msp
- 2007-08-14 02:02 . 2010-02-10 16:34   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-05 05:54 . 2010-03-02 05:30   31648712              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/3/2010 3:18 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/3/2010 3:18 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/3/2010 3:18 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2010 9:30 PM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/3/2010 3:18 PM 1282248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate1c9a393ba0b99a0;Google Update Service (gupdate1c9a393ba0b99a0);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 11:25 PM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/3/2010 3:18 PM 3291336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://law.wustl.edu/
FF - plugin: c:\documents and settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-awurstdrv - rqrstu.dll
HKLM-Run-hgfcdasys - jkhfde.dll



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *·*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-03-20  22:30:17
ComboFix-quarantined-files.txt  2010-03-21 03:30
ComboFix2.txt  2010-03-09 06:13

Pre-Run: 85,792,276,480 bytes free
Post-Run: 85,824,356,352 bytes free

- - End Of File - - D12FB91C67DA83F2C61211706535D38B

[Dr Jay]

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[SCHC]

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=018ad093406da747a08d41abf6095aaa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 06:07:31
# local_time=2010-03-23 01:07:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 94 0 41032469 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=6401 16777214 66 100 0 8381936 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60838
# found=4
# cleaned=4
# scan_time=3300
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkhfde.dll.vir   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrstu.dll.vir   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072083.dll   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072084.dll   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

[Dr Jay]

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

[SCHC]

Malwarebytes' Anti-Malware 1.44
Database version: 3913
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/25/2010 12:10:04 PM
mbam-log-2010-03-25 (12-10-04).txt

Scan type: Quick Scan
Objects scanned: 129368
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Dr Jay]

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[SCHC]

 Results of screen317's Security Check version 0.99.2 
 Windows XP Service Pack 3 
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 Avira AntiVir Personal - Free Antivirus
 ESET Online Scanner v3   
 Online Armor 4.0   
 Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
 Out of date Spybot installed!
 Ad-Aware
 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 18 
 Adobe Flash Player 10 
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Windows Defender MSMpEng.exe
 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Tall Emu Online Armor OAcat.exe
 Windows Defender MsMpEng.exe   
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[Dr Jay]

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

====================================================

See this page for more info about malware and prevention.

Any more questions?

[SCHC]

All done.  If there's nothing else, I don't think I have any more questions.  Sorry this took so long; didn't have time to check up on the progress of this very often.  You've been patient and helpful throughout.

Thanks.

[Dr Jay]

You're welcome.

[Dr Jay]

Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED