Help! - Any advice on trojans removal ?

shiphen

Hi

Any advice on how best to remove trojans?

BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus"

Strangely the anti-virus software that I am running - AVG (Free)(V9-LATEST) - completely failed to find either of these viruses, even though I regularly make sure that it is bang up to date.


STEPS TAKEN SO FAR
I have downloaded SuperAntiSpyware, MalwareBytes, and A-Squared Free(v4.5).
I tried rebooting Windows7 in Safe Mode, by hitting F8 repeatedly during reboot.
However I could not get this to work. The first time I tried all that happened is that Windows7 completely failed to boot! The second and third times simply produced a normal boot.

I then ran MalwareBytes which found some stuff, at which point (very late in the day!) AVG found some stuff too.

So then I tried running msconfig.exe and selected "Diagnostic Startup" and rebooted into a safe mode.

Right now I am running an A-Squared scan and re-running MalwareBytes scan...

...But what is extremely worrying to me, is that I can't get AVG to run a scan right now. If I click on the "Computer Scanner" tab, and then click on "Scan Whole Computer", all that happens is that it says "! There are no active components" at the top of that window. (Is this because I have booted into "Diagnostic Startup" mode?)

What should I do?
e.g.
- What else should I use to scan for trojans/viruses?
- How will I know when I have removed all the trojans/viruses?

All advice much appreciated!


Ship
 

My Computer

Computer Manufacturer/Model Number
Custom built
OS
Windows7 Pro x64
CPU
Intel Core I5 750 2.66GHz
Motherboard
Intel DP55WB (MA TX)
Memory
8GB = (2GB 1066 DDR3 Memory) x4 modules
Graphics Card(s)
NVIDIA XTF GeForce 9500GT 512Mb
Sound Card
none
Monitor(s) Displays
Samsung SyncMaster 244T
Screen Resolution
1920 x 1200
Hard Drives
Seagate 500Gb, RPM: 7200, Cache:32MB, SATA
PSU
500W ATX 12v 80+ PSU
Case
Midi Tower
Cooling
?
Keyboard
Logitech Y-UV90 (corded ergonomic)
Mouse
Microsoft Intellimouse Explorer Tilt Wheel Mouse
Internet Speed
ADSL
Combofix is the Best

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

After comments
 

Hi Ship, Welcome to SF,

I guess AVG failing to start the scan might be because, when you switched to selective startup, you might have stopped the service AVG needs in order to function. In MSCONFIG, under the Services tab, you could sort by company name and enable AVG. Personally I would recommend Microsoft Security Essentials; if you think your security software is not detecting the Trojans, you could install MSE, update it, then try a scan and see whether it finds something. Also, you could try some online scanners like Kaspersky or ESET, which are free. Just Google "online scanners" and you will find them.

Hope this helps,
Captain
 

@Bolaxad - Sorry my Windows7 is 64 bit. Combofix does not appear to run as 64 bit... :(

@Captain - Yes, someone else recommended "Microsoft Security Essentials" which I am not running a scan with...

Thanks both

Ship
 

You have a tricky worm there according to McAfee.

Please try MSE rather than just relying on AVG 9. It is better to try different AV when you are in a tight situation like this.
 

Yes it is also a good idea to run a couple of AV's in safe mode as well for those tricky ones that are hard to find or respawn themselves.
 

Use any of those according to your preference:

Linux based Bootable CD (Highly recommended for cleaning infected PC):
F-Secure Rescue CD 3.00 released
Avira AntiVir Rescue System
Dr.Web CureIt!
http://download.bitdefender.com/rescue_cd/
VIPRE Rescue
13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk Raymond.CC Blog

a-squared Emergency USB Stick (rescue USB stick, portable)

Online Scanners:
a-squared Web Malware Scanner
COMODO AV SCANNER
Free Online Scanner F-Secure
BitDefender Online Scanner
PANDA SECURITY
Free ESET Online Antivirus Scanner
McAfee
HouseCall - Free Antivirus Scan
avast! Online Scanner

Anti-Malware scanners: (in order of personal preference)
Malwarebytes.org
The home of Spybot-S&D!
SUPERAntiSpyware.com
Ad-Aware by Lavasoft

List of Dedicated Anti-Trojan Scanners:
List of Dedicated Anti Trojan Products - Wilders Security Forums


More Alternative Scans:
Alternative Scans - MajorGeeks Support Forums

Personal recommendation: download CCleaner (CCleaner - Home) and clean temp files before scans.
Trojan Remover - Program Details (helped me once)
Hitman Pro 3 - SurfRight (very quick scan; if it detects something, activate the trial version to clean up)

Hope you will get some ideas from this ;)

EDIT: +1 for theog's recommendation. Run Windows Malware removal tool
 

Nice list jav. That should be a sticky somewhere. I would also recommend a live cd scan as well. I suggested a safe mode scan to help find any hidden malicious code though the live cd would be even better.
 

GROAN - worse and worse!
I just tried to boot in Safe Mode but the screen stays completely blank - even after about 5 minutes.
Here is a list of my hardware:

Motherboard: Intel DP55WB MA TX
Processor: Intel Core I5 750 2.66GHz
RAM: (2GB 1066 DDR3 Memory) x4 modules
Hard disk: Seagate 500Gb, RPM: 7200, Cache:32MB, SATA
Graphics card: XTF 9500GT 512Mb
Operating system: Windows7 Pro 64Bit
Power supply: 500W ATX 12v 80+ PSU
DVD: DVD-RWSATA
Mouse: Microsoft Intellimouse Explorer Tilt Wheel Mouse
Keyboard: Microsoft Ergonomic 400 USB Keyboard
Case: Midi Tower

How do I get the damned thing OUT of safe mode (which is invisible for some reason on my system!)


Ship
 

Just hold down the power button until it turns off. Then start it up again and try to get into safe mode again. Just select "safe mode" you do not need anything else like networking or any of the other options listed.
 

Gads - okay I have now discovered that the NVIDIA XTF 9500GT graphics card has a second graphics port (the old fashioned sort) and I have managed to hook up an old monitor to it - gads they don't make this stuff easy do they!

Right, so now I am in Safe Mode, I have uninstalled AVG free, and I am running MRT (the Microsoft Malicious Software Removal Tool).
I have already run Microsoft Security Essentials but it didn't find anything.
Ship
 

For clarification, that was why my screen was staying BLANK every time I tried to go into Safe Mode - the graphics card was talking to the OLD style graphics port (which strangely is also the one that is FURTHEST from the rest of the card)!

OK now I am re-running all the scans at once: i.e.
- A-Squared Free
- MalwareBytes (Anti-Malware)
- Microsoft Security Essentials
- Microsoft Malicious Software Removal Tool
- Spybot Search & Destroy

I'll let them all run and come back and see what if anything they find...

Ship
 

BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus"
How were you notified that these Bots and password stealers were on your computer, if AVG didn't notify you?
Did this happen when you were on a web page or by opening a malicious e-mail?

First of all, flush your DNS cache:
Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe
enter ipconfig /flushdns press 'enter'

Next, download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now, using a known "CLEAN" computer, change all your passwords.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

**** This OTL log will take more than one reply window, so be aware of that.
 

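The hosts-file reset described in the post above discards every existing entry, so it helps to list what is in the file first: custom mappings that need re-adding, and mappings that block or redirect names. The following Python sketch is an added example, not part of the original post; the sample hosts content, its domains and its addresses are constructed for illustration.

```python
"""Audit a Windows hosts file before resetting it (added example, constructed data)."""
import ipaddress
import os
import sys

# Names the stock hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample: every domain and address below is invented for illustration.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
192.168.1.20    nas.home.example          # custom entry to re-add after the reset
127.0.0.1       update.av-vendor.example www.av-vendor.example
0.0.0.0         scan.online-scanner.example
203.0.113.7     login.bank.example
not-an-ip       something.example
"""


def parse_hosts(text):
    """Yield (lineno, ip, name) per active mapping; ip is None for malformed lines."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            yield lineno, None, " ".join(fields)
            continue
        for name in fields[1:]:                  # one line may map several names
            yield lineno, ip, name.lower()


def classify(ip, name):
    """Return 'default', 'blocked' (sinkholed locally) or 'redirected'."""
    if name in DEFAULT_NAMES and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit(text):
    """Return (lineno, kind, name, ip) for every entry a reset would remove."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", name, ""))
            continue
        kind = classify(ip, name)
        if kind != "default":
            findings.append((lineno, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    default_path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                                "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default_path
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        print(f"cannot read {path}; auditing the built-in sample instead")
        text = SAMPLE
    for lineno, kind, name, ip in audit(text):
        print(f"line {lineno:>3}  {kind:<10}  {name}  {ip}")
```

A "blocked" entry for a security vendor's name, or a "redirected" entry you did not create, is a reason to keep a copy of the file for later analysis before restoring the default.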
Thanks so much guys - love that list Jav - I am working my way through it.
My main problem right now is that my (64bit Windows7) PC has a NVIDIA GeForce GTX 9500 graphics card and when I boot from CD it defaults to the (old-fashioned) graphics port (VGA??) and I don't have a working monitor for it! [Aaaaaargh!]

Btw, word on the street is that Combofix is the best utility but I can't find a 64bit version for it...


Ship
 

I just wrote a long explanation of what I've been up to but this darned website crashed on me. Here is OTL.txt
 

OTL logfile created on: 11/01/2010 23:45:26 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\XXXX\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

Code:
8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 82.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.07 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX09
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[COLOR=#e56717]========== Processes (SafeList) ==========[/COLOR]
 
PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\XXXX\AppData\Local\Temp\Temp1_HostsXpert.zip\HostsXpert\HostsXpert.exe (funkytoad.com)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()
 
 
[COLOR=#e56717]========== Modules (SafeList) ==========[/COLOR]
 
MOD - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
[COLOR=#e56717]========== Win32 Services (SafeList) ==========[/COLOR]
 
SRV:[B]64bit:[/B] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:[B]64bit:[/B] - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:[B]64bit:[/B] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:[B]64bit:[/B] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:[B]64bit:[/B] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:[B]64bit:[/B] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:[B]64bit:[/B] - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 03:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 03:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[COLOR=#e56717]========== Driver Services (SafeList) ==========[/COLOR]
 
DRV:[B]64bit:[/B] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[B]64bit:[/B] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:[B]64bit:[/B] - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:[B]64bit:[/B] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[B]64bit:[/B] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:[B]64bit:[/B] - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:[B]64bit:[/B] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[B]64bit:[/B] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[B]64bit:[/B] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[B]64bit:[/B] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[B]64bit:[/B] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[B]64bit:[/B] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[B]64bit:[/B] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:[B]64bit:[/B] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[B]64bit:[/B] - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:[B]64bit:[/B] - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:[B]64bit:[/B] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:[B]64bit:[/B] - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CSC) -- C:\Windows\CSC [2010/01/05 10:11:39 | 00,000,000 | ---D | M]
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[COLOR=#e56717]========== Standard Registry (All) ==========[/COLOR]
 
 
========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.XXXXgolf.co.uk/t1/t1/launch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 E3 FD C7 E8 8F CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.XXXXgolf.co.uk/t1/t1/launch.html"
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.464
FF - prefs.js..extensions.enabledItems: {b4e481a8-9ef7-47ff-8512-dc865ba752bd}:1.1.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/11 19:38:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/11 19:37:41 | 00,000,000 | ---D | M]
 
[2010/01/07 22:28:34 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Extensions
[2010/01/07 22:28:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/11 13:49:25 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions
[2010/01/07 23:37:46 | 00,000,000 | ---D | M] (Zen Usage Viewer) -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions\{b4e481a8-9ef7-47ff-8512-dc865ba752bd}
[2010/01/09 12:16:30 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions\[email protected]
[2010/01/10 21:24:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/07 22:19:19 | 00,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/10 21:24:52 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2009/12/22 17:41:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/22 17:41:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/22 17:41:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/22 02:32:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/22 02:32:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/01/08 21:05:27 | 00,001,353 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/12/22 02:32:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/22 02:32:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/22 02:32:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/12/22 02:32:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/22 02:32:20 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (698 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk = C:\Users\XXXX\AppData\Local\Temp\nvscv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604f6de-f9e9-11de-b431-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604f6de-f9e9-11de-b431-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/01/11 23:37:32 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2010/01/11 23:33:23 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\HostsXpert
[2010/01/11 23:03:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2010/01/11 22:50:28 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Yahoo!
[2010/01/11 22:50:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/01/11 19:35:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/11 18:52:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/11 18:26:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\process explorer
[2010/01/11 15:47:48 | 00,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys
[2010/01/11 15:47:48 | 00,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe
[2010/01/11 15:47:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VIPRERESCUE
[2010/01/11 14:51:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Process Monitor
[2010/01/10 21:23:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/01/10 21:23:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/01/10 21:23:48 | 00,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/01/10 18:06:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/01/10 12:32:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/01/10 12:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/10 12:20:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/10 12:20:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/10 11:05:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2010/01/10 10:41:17 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2010/01/10 10:41:12 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/10 10:41:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/10 10:38:50 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/10 10:38:44 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/10 10:38:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/10 10:14:07 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/09 23:39:14 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\{C0B133B8-33F7-401B-A331-5780D8F885A9}
[2010/01/09 23:34:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/01/09 19:24:49 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/01/09 19:12:42 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/01/09 19:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/01/09 19:09:10 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Adobe
[2010/01/09 19:08:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/01/09 19:08:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/01/09 16:43:16 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Foxit
[2010/01/09 13:57:47 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/01/09 13:57:31 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2010/01/09 13:56:07 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2010/01/09 13:56:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/09 13:56:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/01/09 13:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/01/09 13:54:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/01/09 12:55:15 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\My Maps
[2010/01/09 12:54:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/01/09 12:44:30 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\{7C480F86-91B2-4DE0-9E83-A05DD0140F5C}
[2010/01/09 12:41:24 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Mindjet
[2010/01/09 12:40:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
[2010/01/09 12:36:30 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/01/09 12:22:14 | 00,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/01/09 11:25:42 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Van Dyke Technologies
[2010/01/09 11:24:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AbsoluteFTP
[2010/01/09 11:10:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Xara
[2010/01/09 11:09:49 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/01/09 09:59:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Xara_Xara Xtreme Pro 5
[2010/01/09 09:59:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Magix
[2010/01/09 09:34:12 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Xara
[2010/01/09 09:34:12 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\MAGIX
[2010/01/09 09:34:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Xara
[2010/01/08 22:47:36 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\.oit
[2010/01/08 22:45:04 | 00,000,000 | ---D | C] -- C:\ProgramData\X1 Updater
[2010/01/08 22:45:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\X1
[2010/01/08 22:05:15 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/01/08 21:30:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/01/08 21:30:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/01/08 21:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/01/08 21:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/01/08 21:27:27 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/08 18:00:38 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Diagnostics
[2010/01/08 08:35:23 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Helios
[2010/01/08 08:24:15 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\PolyEdit Lite
[2010/01/08 00:21:10 | 00,000,000 | ---D | C] -- C:\Docs
[2010/01/08 00:20:16 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2010/01/08 00:20:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/01/08 00:19:45 | 00,000,000 | ---D | C] -- C:\Users\XXXX\temp
[2010/01/08 00:13:36 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\skypePM
[2010/01/08 00:10:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/01/07 23:58:47 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\WTablet
[2010/01/07 23:58:43 | 09,104,680 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomTablet.cpl
[2010/01/07 23:58:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2010/01/07 23:58:40 | 00,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2010/01/07 23:58:33 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2010/01/07 23:58:29 | 00,018,216 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
[2010/01/07 23:58:29 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\WTablet
[2010/01/07 23:58:26 | 05,521,192 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Tablet.exe
[2010/01/07 23:58:26 | 00,486,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Tablet.dll
[2010/01/07 23:58:26 | 00,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wacom_Tablet.dll
[2010/01/07 23:58:26 | 00,350,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2010/01/07 23:58:26 | 00,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2010/01/07 23:58:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tablet
[2010/01/07 23:23:02 | 00,000,000 | ---D | C] -- C:\PSTs
[2010/01/07 23:16:03 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Seldom Used
[2010/01/07 22:56:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Deployment
[2010/01/07 22:56:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Apps
[2010/01/07 22:53:38 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Downloads
[2010/01/07 22:48:00 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Google
[2010/01/07 22:47:54 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Google
[2010/01/07 22:47:49 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/07 22:28:29 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2010/01/07 22:28:29 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Mozilla
[2010/01/07 22:25:59 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Searches
[2010/01/07 22:25:57 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Identities
[2010/01/07 22:25:55 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Contacts
[2010/01/07 22:25:55 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\VirtualStore
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\Temporary Internet Files
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Templates
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Start Menu
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\SendTo
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Recent
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\PrintHood
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\NetHood
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Videos
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Pictures
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Music
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\My Documents
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Local Settings
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\History
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Cookies
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Application Data
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\Application Data
[2010/01/07 22:25:52 | 00,000,000 | --SD | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Videos
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Saved Games
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Pictures
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Music
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Links
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Favorites
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Downloads
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Documents
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Desktop
[2010/01/07 22:25:52 | 00,000,000 | -H-D | C] -- C:\Users\XXXX\AppData
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Temp
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Microsoft
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Center Programs
[2010/01/07 22:19:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/01/07 21:24:52 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/01/07 21:16:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/01/05 18:10:37 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/05 13:23:57 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/01/05 13:23:18 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/01/05 12:20:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/01/05 11:19:05 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/05 11:18:45 | 00,541,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/01/05 11:15:35 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/01/05 11:15:35 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/01/05 11:15:34 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/01/05 11:15:34 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/01/05 11:15:34 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/01/05 11:15:34 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/01/05 11:15:34 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/01/05 11:15:34 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/01/05 11:15:34 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/01/05 11:15:34 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/01/05 11:15:34 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/01/05 11:15:34 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/05 11:15:34 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/01/05 11:15:34 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/05 11:15:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/01/05 11:15:21 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/05 11:15:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/05 11:06:04 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/01/05 11:05:53 | 00,342,656 | R--- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2010/01/05 11:05:27 | 00,273,072 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1k62x64.sys
[2010/01/05 11:05:27 | 00,072,288 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1kmsg.dll
[2010/01/05 11:05:27 | 00,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2010/01/05 11:05:25 | 00,078,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstK.dll
[2010/01/05 11:03:02 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/01/05 11:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/01/05 11:02:54 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/01/05 11:02:54 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/01/05 11:02:54 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/01/05 11:02:53 | 01,552,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/01/05 11:02:53 | 01,272,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/01/05 11:02:53 | 00,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/01/05 11:02:53 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/01/05 11:02:53 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/01/05 11:02:53 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/01/05 11:02:52 | 01,163,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/01/05 11:02:52 | 00,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/01/05 11:02:52 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/01/05 11:02:52 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/01/05 11:02:52 | 00,066,080 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/01/05 11:02:51 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/01/05 11:02:50 | 00,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2010/01/05 11:02:50 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/01/05 11:02:50 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/01/05 11:02:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/01/05 11:02:49 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/01/05 11:02:49 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/01/05 11:02:48 | 00,540,672 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/01/05 11:02:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/01/05 11:01:01 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/01/05 11:01:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/01/05 11:00:59 | 00,000,000 | ---D | C] -- C:\Intel
[2010/01/05 11:00:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/01/05 11:00:16 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/05 11:00:13 | 00,000,000 | ---D | C] -- C:\TempEI4
[2010/01/05 10:54:50 | 00,000,000 | -HSD | C] -- C:\Recovery
[2010/01/05 10:54:47 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/05 10:11:43 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/05 10:11:11 | 00,000,000 | -HSD | C] -- C:\System Volume Information
 
[COLOR=#e56717]========== Files - Modified Within 30 Days ==========[/COLOR]
 
[2010/01/11 23:47:00 | 02,359,296 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT
[2010/01/11 23:37:36 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2010/01/11 23:36:43 | 00,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/01/11 23:33:09 | 00,353,485 | ---- | M] () -- C:\Users\XXXX\Desktop\HostsXpert.zip
[2010/01/11 23:22:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000UA.job
[2010/01/11 23:21:17 | 00,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/11 23:21:17 | 00,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/11 23:18:28 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/11 23:18:28 | 00,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/11 23:18:28 | 00,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/11 23:14:24 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/11 23:14:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/11 23:14:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/11 23:13:53 | 21,399,42911 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/11 23:09:38 | 02,876,814 | -H-- | M] () -- C:\Users\XXXX\AppData\Local\IconCache.db
[2010/01/11 23:03:07 | 00,001,079 | ---- | M] () -- C:\Users\XXXX\Desktop\Search Everything.lnk
[2010/01/11 23:02:54 | 00,341,811 | ---- | M] () -- C:\Users\XXXX\Desktop\Everything-1.2.1.371.exe
[2010/01/11 22:58:00 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003UA.job
[2010/01/11 22:57:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003Core.job
[2010/01/11 22:52:00 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/11 22:50:21 | 00,001,933 | ---- | M] () -- C:\Users\XXXX\Desktop\CCleaner.lnk
[2010/01/11 19:18:58 | 52,428,8000 | ---- | M] () -- C:\.fuse_hidden0000000200000001
[2010/01/11 18:44:27 | 00,001,555 | ---- | M] () -- C:\Users\XXXX\Desktop\procexp.exe - Shortcut.lnk
[2010/01/11 18:25:04 | 01,615,732 | ---- | M] () -- C:\Users\XXXX\Desktop\ProcessExplorer.zip
[2010/01/11 16:01:04 | 00,001,035 | ---- | M] () -- C:\Users\XXXX\Desktop\TextPad.lnk
[2010/01/10 22:22:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000Core.job
[2010/01/10 21:24:41 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/01/10 21:24:41 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/01/10 21:23:48 | 00,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/01/10 21:22:02 | 02,972,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/10 18:01:57 | 03,168,344 | ---- | M] () -- C:\Users\XXXX\Desktop\Satellite_image_of_snow-covered_Great_Britain_on_7_January_2010.jpg
[2010/01/10 12:32:56 | 00,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/01/10 12:05:01 | 00,072,541 | ---- | M] () -- C:\Users\XXXX\Desktop\AVG_virus_vault_2010-01-10.gif
[2010/01/10 11:22:13 | 00,001,027 | ---- | M] () -- C:\Users\XXXX\Desktop\a-squared Free.lnk
[2010/01/10 11:22:02 | 00,001,075 | ---- | M] () -- C:\Users\XXXX\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 09:46:40 | 00,001,286 | ---- | M] () -- C:\Users\XXXX\Desktop\Control_Alt_A__batch_file.bat - Shortcut.lnk
[2010/01/10 09:46:30 | 00,001,286 | ---- | M] () -- C:\Users\XXXX\Desktop\Control_Alt_W__batch_file.bat - Shortcut.lnk
[2010/01/10 00:25:10 | 00,001,458 | ---- | M] () -- C:\Users\XXXX\Desktop\Internet Explorer (64-bit).lnk
[2010/01/10 00:01:25 | 00,000,948 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk
[2010/01/10 00:00:21 | 00,089,752 | ---- | M] () -- C:\Users\XXXX\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/09 23:51:44 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Xara Xtreme Pro 5.lnk
[2010/01/09 23:40:32 | 00,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/01/09 23:37:31 | 00,001,024 | ---- | M] () -- C:\Users\XXXX\Desktop\7-Zip File Manager.lnk
[2010/01/09 22:54:31 | 00,001,205 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Dreamweaver CS4.lnk
[2010/01/09 16:43:49 | 03,451,056 | ---- | M] () -- C:\Users\XXXX\Desktop\U.S. Preventive Medicine Comprehensive Business Plan June 2008.PDF
[2010/01/09 14:02:22 | 00,001,181 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4.lnk
[2010/01/09 14:02:16 | 00,001,202 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010/01/09 12:39:01 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/09 12:27:30 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/09 12:09:27 | 00,000,224 | -H-- | M] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/01/09 00:32:58 | 00,002,558 | ---- | M] () -- C:\Users\XXXX\Documents\AMSS_Certificate_Export.pfx
[2010/01/08 22:40:13 | 00,001,920 | ---- | M] () -- C:\Users\XXXX\Desktop\SCANPST - Shortcut.lnk
[2010/01/08 22:17:29 | 00,002,675 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Word 2003.lnk
[2010/01/08 22:17:25 | 00,002,563 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Visio 2003.lnk
[2010/01/08 22:17:21 | 00,002,651 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Project 2003.lnk
[2010/01/08 22:17:16 | 00,002,645 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/01/08 22:17:09 | 00,002,693 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/08 22:17:05 | 00,002,677 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/08 22:11:19 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/01/08 22:10:38 | 00,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010/01/08 21:52:34 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/08 00:13:36 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/01/07 22:57:41 | 00,001,024 | ---- | M] () -- C:\.rnd
[2010/01/07 22:53:23 | 00,002,248 | ---- | M] () -- C:\Users\XXXX\Desktop\Google Chrome.lnk
[2010/01/07 22:25:53 | 00,524,288 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 22:25:53 | 00,524,288 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:53 | 00,065,536 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/07 22:25:53 | 00,000,020 | -HS- | M] () -- C:\Users\XXXX\ntuser.ini
[2010/01/07 22:19:19 | 00,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 21:16:20 | 00,002,677 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/05 10:13:42 | 00,040,833 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/01/05 10:13:42 | 00,040,833 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
[COLOR=#e56717]========== Files Created - No Company Name ==========[/COLOR]
 
[2010/01/11 23:33:08 | 00,353,485 | ---- | C] () -- C:\Users\XXXX\Desktop\HostsXpert.zip
[2010/01/11 23:03:07 | 00,001,079 | ---- | C] () -- C:\Users\XXXX\Desktop\Search Everything.lnk
[2010/01/11 23:02:47 | 00,341,811 | ---- | C] () -- C:\Users\XXXX\Desktop\Everything-1.2.1.371.exe
[2010/01/11 22:50:21 | 00,001,933 | ---- | C] () -- C:\Users\XXXX\Desktop\CCleaner.lnk
[2010/01/11 19:18:36 | 52,428,8000 | ---- | C] () -- C:\.fuse_hidden0000000200000001
[2010/01/11 18:44:27 | 00,001,555 | ---- | C] () -- C:\Users\XXXX\Desktop\procexp.exe - Shortcut.lnk
[2010/01/11 18:25:01 | 01,615,732 | ---- | C] () -- C:\Users\XXXX\Desktop\ProcessExplorer.zip
[2010/01/11 16:01:04 | 00,001,035 | ---- | C] () -- C:\Users\XXXX\Desktop\TextPad.lnk
[2010/01/10 21:24:41 | 00,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/01/10 21:24:41 | 00,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/01/10 18:01:57 | 03,168,344 | ---- | C] () -- C:\Users\XXXX\Desktop\Satellite_image_of_snow-covered_Great_Britain_on_7_January_2010.jpg
[2010/01/10 12:32:56 | 00,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/01/10 12:14:54 | 00,000,948 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk
[2010/01/10 12:05:01 | 00,072,541 | ---- | C] () -- C:\Users\XXXX\Desktop\AVG_virus_vault_2010-01-10.gif
[2010/01/10 11:22:13 | 00,001,027 | ---- | C] () -- C:\Users\XXXX\Desktop\a-squared Free.lnk
[2010/01/10 11:22:02 | 00,001,075 | ---- | C] () -- C:\Users\XXXX\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 09:45:56 | 00,001,286 | ---- | C] () -- C:\Users\XXXX\Desktop\Control_Alt_A__batch_file.bat - Shortcut.lnk
[2010/01/10 09:45:51 | 00,001,286 | ---- | C] () -- C:\Users\XXXX\Desktop\Control_Alt_W__batch_file.bat - Shortcut.lnk
[2010/01/10 00:25:10 | 00,001,458 | ---- | C] () -- C:\Users\XXXX\Desktop\Internet Explorer (64-bit).lnk
[2010/01/09 23:40:32 | 00,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/01/09 23:37:31 | 00,001,024 | ---- | C] () -- C:\Users\XXXX\Desktop\7-Zip File Manager.lnk
[2010/01/09 22:54:31 | 00,001,205 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Dreamweaver CS4.lnk
[2010/01/09 16:41:00 | 03,451,056 | ---- | C] () -- C:\Users\XXXX\Desktop\U.S. Preventive Medicine Comprehensive Business Plan June 2008.PDF
[2010/01/09 14:02:22 | 00,001,181 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4.lnk
[2010/01/09 14:02:16 | 00,001,202 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010/01/09 12:27:30 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/09 12:24:04 | 00,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/01/09 12:09:27 | 00,000,224 | -H-- | C] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/01/09 11:10:34 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Xara Xtreme Pro 5.lnk
[2010/01/09 00:32:55 | 00,002,558 | ---- | C] () -- C:\Users\XXXX\Documents\AMSS_Certificate_Export.pfx
[2010/01/08 22:40:13 | 00,001,920 | ---- | C] () -- C:\Users\XXXX\Desktop\SCANPST - Shortcut.lnk
[2010/01/08 22:17:29 | 00,002,675 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Word 2003.lnk
[2010/01/08 22:17:25 | 00,002,563 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Visio 2003.lnk
[2010/01/08 22:17:21 | 00,002,651 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Project 2003.lnk
[2010/01/08 22:17:16 | 00,002,645 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/01/08 22:17:09 | 00,002,693 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/08 22:17:05 | 00,002,677 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/08 00:13:36 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/07 23:58:43 | 01,653,980 | ---- | C] () -- C:\Windows\SysNative\WacomTablet.znc
[2010/01/07 22:57:40 | 00,001,024 | ---- | C] () -- C:\.rnd
[2010/01/07 22:53:23 | 00,002,248 | ---- | C] () -- C:\Users\XXXX\Desktop\Google Chrome.lnk
[2010/01/07 22:53:00 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003UA.job
[2010/01/07 22:52:59 | 00,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003Core.job
[2010/01/07 22:47:57 | 00,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/07 22:47:56 | 00,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/07 22:45:20 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/07 22:25:53 | 00,524,288 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 22:25:53 | 00,524,288 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:53 | 00,065,536 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/07 22:25:53 | 00,000,020 | -HS- | C] () -- C:\Users\XXXX\ntuser.ini
[2010/01/07 22:25:52 | 02,359,296 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT
[2010/01/07 22:19:19 | 00,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 22:17:08 | 00,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000UA.job
[2010/01/07 22:17:07 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000Core.job
[2010/01/07 21:16:20 | 00,002,677 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2010/01/05 11:05:53 | 00,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2010/01/05 11:05:27 | 00,003,127 | ---- | C] () -- C:\Windows\SysNative\e1k62x64.din
[2010/01/05 10:11:11 | 21,399,42911 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 14:29:30 | 00,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2007/04/27 11:43:58 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
[COLOR=#e56717]========== LOP Check ==========[/COLOR]
 
[2010/01/10 02:00:17 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\.oit
[2010/01/09 16:43:16 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Foxit
[2010/01/08 08:35:23 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Helios
[2010/01/09 09:34:12 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MAGIX
[2010/01/08 08:24:15 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\PolyEdit Lite
[2010/01/09 17:27:55 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2010/01/09 11:25:42 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Van Dyke Technologies
[2009/07/14 05:08:49 | 00,007,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[COLOR=#e56717]========== Purity Check ==========[/COLOR]
 
 
< End of report >
 
And here is Extras.txt

Code:
OTL Extras logfile created on: 11/01/2010 23:45:26 - Run 1
OTL by OldTimer - Version 3.1.24.0     Folder = C:\Users\XXXX\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 82.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.07 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX09
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[COLOR=#e56717]========== Extra Registry (SafeList) ==========[/COLOR]
 
 
[COLOR=#e56717]========== File Associations ==========[/COLOR]
 
[B]64bit:[/B] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[COLOR=#e56717]========== Shell Spawning ==========[/COLOR]
 
[B]64bit:[/B] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) Network Connections 14.2.100.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0236C1B8-A699-4A8F-9121-36B41FFDB33A}" = Mindjet MindManager 8
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{2BF52D77-1DF7-4391-85B3-AE45CEE8BD86}" = Xara Xtreme Pro 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CCleaner" = CCleaner
"Everything" = Everything 1.2.1.371
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Wacom Tablet Driver" = Wacom Tablet
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 20:30:17 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x86\LogMeInToolkit.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 10/01/2010 20:30:20 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 10/01/2010 20:30:31 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 11/01/2010 11:09:31 | Computer Name = XXXX09 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11/01/2010 11:18:54 | Computer Name = XXXX09 | Source = SPP | ID = 16388
Description = 
 
Error - 11/01/2010 11:18:55 | Computer Name = XXXX09 | Source = SPP | ID = 16388
Description = 
 
Error - 11/01/2010 14:43:45 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x64\LogMeInToolkit.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 11/01/2010 15:49:27 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid 
current state 32.
 
Error - 11/01/2010 18:47:16 | Computer Name = XXXX09 | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from 
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 11/01/2010 18:47:41 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 11/01/2010 18:50:41 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
Error - 11/01/2010 19:09:44 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid 
current state 32.
 
Error - 11/01/2010 19:13:51 | Computer Name = XXXX09 | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from 
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 11/01/2010 19:14:08 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 11/01/2010 19:14:14 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 11/01/2010 19:22:11 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
Error - 11/01/2010 19:34:11 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
 
Last edited by a moderator:
