MS removal tool virus
Author Topic: MS removal tool virus  (Read 938 times)
spinner456
« on: June 05, 2011, 12:07:35 PM »

Yesterday I got hit with the fake MS removal virus, which I understand is a new one. No worries. I booted into safe mode and got my computer functional again with Malwarebytes Anti-Malware, but I still have a bunch of trojans on my computer. Only Spyware Doctor detects them, not Malwarebytes, AVG, Bit Defender, F-secure, Avir whatever you call it (I used an antivirus boot CD), or Super Antispyware, just Spyware Doctor. The problem is I don't have a Spyware Doctor license, so I need another way to get rid of them. Also, how long can a trojan be on your computer before something like this happens?

I'm running Windows XP Professional, by the way.





« Last Edit: June 05, 2011, 12:44:49 PM by spinner456 » Logged
dannyjks
« Reply #1 on: June 06, 2011, 04:22:36 AM »

Download the free one, I think it has the same definitions in it as Spyware Doctor with Antivirus.
Logged

spinner456
« Reply #2 on: June 06, 2011, 05:34:00 AM »

I'll try that, but you didn't answer my other question. How long can these trojans be on my computer with showing symptoms? I ask because I got infected with a virus a couple of months ago, and even after I got my computer working again and all the virus scans came up clean my system has worked the same, one problem being that my Windows updates don't work. They won't install. Can these trojans have been on my system this whole time causing this problem?
Logged
Britec
Administrator
« Reply #3 on: June 06, 2011, 10:11:35 AM »

Steps to remove infections automatically

1.    Download Dr.Web CureIt! and save it to the desktop.
2.    Download Security Space Pro (32-bit) or Security Space Pro (64-bit) and save it to the desktop.
3.    Reboot the computer into Safe Mode (press F8 before any Microsoft logo appears).
4.    Double-click "cureit.exe" on the desktop and follow the on-screen instructions to scan the hard disk.
    (Wait patiently, it may take 20-60 minutes to perform an express scan.)
5.    After scanning is done, select all viruses found and choose "Cure".
    (If some files are not suitable to be cured, choose "Quarantine" or "Delete".)
6.    When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.
7.    Uninstall the existing anti-virus software that cannot kill the viruses, and then reboot again.
8.    Locate the setup file of Security Space Pro on the desktop and double-click to run it.
9.    During setup, choose to obtain a demo key.
10.  After the first update, the scanner will be launched again; quit the scanner at this point.
11.  Complete the setup by rebooting the computer.
12.  When time allows (it may need several hours), perform a full scan in Dr.Web Scanner.

Note:

1.    If Windows is unable to start due to virus infection, try Dr.Web LiveCD or Dr.Web LiveUSB instead of Dr.Web CureIt!
2.    The time needed for an express scan or full scan depends on many factors, such as system performance, available memory, running processes, number of drives and files, etc.

Info on Trojan-Downloader.Win32.Murlo.eb
http://www.securelist.com/en/descriptions/old133793
« Last Edit: June 06, 2011, 10:17:12 AM by Britec » Logged



spinner456
« Reply #4 on: June 06, 2011, 04:45:18 PM »

PC Tools Anti-Virus free only found one trojan, not the others. I tried downloading Dr.Web CureIt! and it's not working. The link for Security Space Pro isn't working either. It just says unable to connect.
Logged
Britec
Administrator
« Reply #5 on: June 07, 2011, 03:00:01 AM »

Can't understand that, they're working for me.
Logged



spinner456
« Reply #6 on: June 07, 2011, 04:58:25 AM »

Just out of curiosity, what's the significance of safe mode? I'm about to do it now, but what's the difference between it and normal mode?
Logged
Britec
Administrator
« Reply #7 on: June 07, 2011, 06:07:36 AM »

Nothing will be running in Safe Mode.
Logged



spinner456
« Reply #8 on: June 07, 2011, 04:20:21 PM »

Dr.Web didn't help. All it did was delete 1 virus and move the other 3, which weren't viruses, to quarantine. How do I get them moved back to where they were?

After, I did another scan with Spyware Doctor and it found all the same trojans as before, so what next?

« Last Edit: June 07, 2011, 04:23:33 PM by spinner456 » Logged
Britec
Administrator
« Reply #9 on: June 08, 2011, 01:16:12 AM »

If the files were safe, why did you move them? You should have ignored them.

Getting Hijackthis and installing it correctly

Click here to download HJTsetup.exe

•   Save HJTsetup.exe to your desktop.
•   Double click on the HJTsetup.exe icon on your desktop.
•   By default it will install to C:\Program Files\Hijack This.
•   Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
•   Put a check by Create a desktop icon then click Next again.
•   Continue to follow the rest of the prompts from there.
•   At the final dialogue box click Finish and it will launch Hijack This.
•   Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
•   Click Save to save the log file and then the log will open in notepad.
•   Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
•   Paste the log in your next reply.
•   If you haven't already posted then start a new thread in the Virus/Trojan/Spyware/Malware forum.
•   DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logged



spinner456
« Reply #10 on: June 08, 2011, 05:39:03 AM »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:49 AM, on 6/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\PermissionTV\bin\dmtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTgxMjUxMzMzLVQ1LVU4NSsxLUJBKzEtS1YzKzctWEwrMS1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1YTzEwKzExLUxJQysyLVNQMSsx"&"prod=90"&"ver=10.0.1204
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: here Player Tray App.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302633360140
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 13001 bytes
Logged
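
An added example, not part of the original thread and not code from HijackThis: a Python triage parser for a HijackThis log like the one posted above. It splits the log into header, running processes and section codes, then lists the entries a reviewer would read first. The marker strings come from the log above; the sample lines are a constructed excerpt of it, and the "trusted directory" prefixes are an assumption (system installed on drive C:). A listed entry is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:49 AM, on 6/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: here Player Tray App.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A section line looks like "O23 - Service: ..." (letter, 1-2 digits, " - ").
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Strings HijackThis itself prints when it could not resolve something.
REVIEW_MARKERS = [
    ("(no file)", "registry entry points at a file that is not on disk"),
    ("Unknown owner", "service binary carries no company name"),
    ("Invalid registry found", "registry data could not be interpreted"),
    ("Unknown file in Winsock LSP", "Winsock provider not recognised by the tool"),
]

# Assumption: Windows on C:. Anything else is shown to the reviewer.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Return (header dict, process list, {section code: [entries]})."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line and not entries:
            key, value = line.split(": ", 1)
            header[key] = value
    return header, processes, dict(entries)


def review(entries, processes):
    """Return (code, reason, text) tuples for entries worth a manual look."""
    findings = []
    for code, items in entries.items():
        for item in items:
            for marker, reason in REVIEW_MARKERS:
                if marker in item:
                    findings.append((code, reason, item))
            if item.endswith("= ?"):
                findings.append((code, "startup shortcut target unresolved", item))
    for path in processes:
        if not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("PROC", "process outside system/program directories", path))
    return findings


if __name__ == "__main__":
    hdr, procs, ents = parse_hjt(SAMPLE_LOG)
    print("Boot mode:", hdr.get("Boot mode"))
    for code, reason, text in review(ents, procs):
        print(f"{code:5} {reason}: {text}")
```

On the sample, the last finding is HijackThis.exe itself running from the Desktop, which shows why each hit needs a human decision before anything is fixed.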
Britec
Administrator
« Reply #11 on: June 08, 2011, 12:11:02 PM »

That log is not showing any of the hardcore infections you're talking about; in fact, it's not showing anything.

If you think there is still a virus on the system, please follow the guide below.

Instructions: Diagnostic Scan With OTL

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)

    Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    Under the Custom Scan box, paste this in:


Code:
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    Make sure Use Safe List is selected under all categories
    Make sure both Purity Check and LOP Check are selected
    Make sure File Age is set to 30 days
    Click the Run Scan button.

    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please attach the contents of these logs for review by our Security Team.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://www.itxassociates.com/OT-Tools/OTL.scr
http://www.itxassociates.com/OT-Tools/OTL.com
------------------------------------------------------------------------

Instructions: Check the Master Boot Record (MBR)


Please download aswMBR from here

    Save aswMBR.exe to your Desktop
    Double click aswMBR.exe to run it
    Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    Once the scan finishes click Save log to save the log to your Desktop



Attach the contents of aswMBR.txt in your post for review

IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. Britec Forum Team will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those used to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, we advise you to backup any personal files and folders before you start.
« Last Edit: June 08, 2011, 12:14:33 PM by Britec » Logged



spinner456
« Reply #12 on: June 08, 2011, 04:34:36 PM »

This log was really big, so I have to break it into 2 posts.

TL logfile created on: 6/8/2011 3:50:21 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.92% Memory free
2.38 Gb Paging File | 1.59 Gb Available in Paging File | 66.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.67 Gb Total Space | 44.56 Gb Free Space | 24.53% Space Free | Partition Type: NTFS
Drive D: | 4.63 Gb Total Space | 1.25 Gb Free Space | 27.02% Space Free | Partition Type: FAT32
Drive K: | 1863.02 Gb Total Space | 19.93 Gb Free Space | 1.07% Space Free | Partition Type: NTFS
 
Computer Name: DAKNEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/08 15:37:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/23 07:56:48 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/02 19:59:18 | 000,057,344 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dmtray.exe
PRC - [2007/10/02 19:59:06 | 000,225,341 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dm.exe
PRC - [2007/06/07 14:55:45 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/11/22 21:10:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2005/05/12 15:00:54 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/08 15:37:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/23 07:56:48 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/22 18:34:34 | 000,851,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/01 02:13:10 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/10/02 19:59:06 | 000,225,341 | ---- | M] (PermissionTV) [Auto | Running] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2007/06/07 14:55:45 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/26 15:09:48 | 000,599,552 | ---- | M] (Hauppauge Computer Work, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hcw73bda.sys -- (hcw73bda)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/06/01 02:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/11/07 09:18:54 | 000,007,936 | R--- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
DRV - [2007/10/31 06:14:50 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2007/06/07 14:40:18 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/12 15:00:50 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/09 20:15:14 | 000,798,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/11 07:27:32 | 000,212,608 | ---- | M] (OrangeWare, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WebCamDV.sys -- (WebCamDV)
DRV - [2004/04/16 14:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/01/30 14:08:59 | 000,012,672 | ---- | M] (OrangeWare, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wcdvaud.sys -- (WCDV_Aud)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:29:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 18:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 18:47:15 | 000,000,000 | ---D | M]
 
[2009/07/02 23:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/06/07 19:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7jxq6nxo.default\extensions
[2010/05/17 22:33:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7jxq6nxo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/06 13:29:43 | 000,000,000 | ---D | M] (JSONView) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7jxq6nxo.default\extensions\jsonview@brh.numbera.com
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7jxq6nxo.default\searchplugins\askcom.xml
[2011/06/07 19:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/24 06:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/14 16:40:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/11 09:29:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/01/28 22:15:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2011/06/07 08:01:12 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:    127.0.0.1      localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\here Player Tray App.lnk = C:\Program Files\PermissionTV\bin\dmtray.exe (PermissionTV)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302633360140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (ASPRO Installer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/26 15:25:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/02 20:21:31 | 000,000,000 | RH-D | M] - K:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 21:56:50 | 000,000,036 | RH-- | M] () - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe - (Hauppauge Computer Works)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk - C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinTV Recording Status..lnk - C:\Program Files\WinTV\WinTV7\WinTVTray.exe - (Hauppauge Computer Works, Inc.)
MsConfig - StartUpReg: OWCWebCamDV - hkey= - key= - C:\WINDOWS\system\wcdvtray.exe (OrangeWare, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{b5f15cbd-370a-4244-8f42-14cba2eb4e2c} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67286130185207808)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/08 15:40:56 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/08 15:37:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/07 17:16:20 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/06/07 17:16:20 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/06/07 17:16:16 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/06/07 17:16:04 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/06/07 17:16:04 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/06/07 17:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/06/07 17:15:51 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/06/07 17:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/07 17:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2011/06/07 07:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2011/06/06 07:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/05 12:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/06/05 12:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/05 11:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/04 11:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gA06501PbDoM06501
[2011/05/11 15:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/02/22 21:40:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/08 15:59:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0E319239-9947-4CCC-9E10-4CC214F38437}.job
[2011/06/08 15:40:42 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/08 15:37:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/08 15:13:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033142068-2686121263-1918304332-500UA.job
[2011/06/08 08:16:50 | 117,588,799 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/08 02:13:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033142068-2686121263-1918304332-500Core.job
[2011/06/08 00:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\NeroLiveEpgUpdate-DAKNEL_Administrator.job
[2011/06/07 23:19:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/07 17:49:39 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 6.bmp
[2011/06/07 17:47:53 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 5.bmp
[2011/06/07 17:45:53 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 4.bmp
[2011/06/07 17:44:17 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tabs.bmp
[2011/06/07 17:15:59 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/06/07 17:09:21 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 17:07:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 17:07:13 | 1609,351,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 17:02:37 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dr web.bmp
[2011/06/07 08:01:12 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/07 07:02:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/07 06:42:39 | 065,405,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2d37bwax.exe
[2011/06/06 18:55:21 | 042,730,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4k8t247w.exe
[2011/06/06 17:00:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/06/06 06:35:42 | 000,513,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avinstall.exe
[2011/06/05 23:38:42 | 067,211,589 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sessionstore.json
[2011/06/05 14:05:17 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 3.bmp
[2011/06/05 14:04:36 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 1.bmp
[2011/06/05 14:03:26 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan 2.bmp
[2011/06/05 13:19:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/05 11:28:59 | 000,712,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/05 11:22:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 10:59:46 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RWsdsetup.exe
[2011/06/05 10:56:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 09:57:22 | 000,030,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2011/06/04 21:14:45 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 11:59:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/02 03:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/01 18:15:21 | 008,098,265 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_26_May_2011.mp3
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 01:49:03 | 010,626,410 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_19_May_2011.mp3
[2011/05/13 16:59:20 | 009,021,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_12_May_2011.mp3
[2011/05/13 16:58:23 | 009,766,290 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_28_Apr_2011.mp3
 
========== Files Created - No Company Name ==========
 
[2011/06/07 17:49:38 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 6.bmp
[2011/06/07 17:47:53 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 5.bmp
[2011/06/07 17:45:53 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 4.bmp
[2011/06/07 17:44:16 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tabs.bmp
[2011/06/07 17:15:59 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/06/07 17:07:13 | 1609,351,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/07 17:02:36 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dr web.bmp
[2011/06/07 06:38:28 | 065,405,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2d37bwax.exe
[2011/06/06 18:52:52 | 042,730,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4k8t247w.exe
[2011/06/06 18:46:20 | 067,211,589 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sessionstore.json
[2011/06/06 06:36:04 | 000,513,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avinstall.exe
[2011/06/05 14:05:17 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 3.bmp
[2011/06/05 14:03:25 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 2.bmp
[2011/06/05 14:02:49 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan 1.bmp
[2011/06/05 11:28:44 | 000,712,670 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/05 11:00:05 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RWsdsetup.exe
[2011/06/01 18:14:40 | 008,098,265 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_26_May_2011.mp3
[2011/05/21 01:48:23 | 010,626,410 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_19_May_2011.mp3
[2011/05/13 16:58:48 | 009,021,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_12_May_2011.mp3
[2011/05/13 16:57:33 | 009,766,290 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\outsportscast_28_Apr_2011.mp3
[2010/10/24 03:54:24 | 000,055,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/22 05:11:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/22 05:11:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/22 05:11:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/22 05:11:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/22 05:11:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/18 03:08:12 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/27 17:43:07 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/27 00:27:14 | 000,017,922 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3962242619
[2010/04/26 13:22:16 | 000,017,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
[2010/04/19 13:10:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 19:02:32 | 000,000,265 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2010/04/10 18:59:54 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010/04/10 18:57:00 | 000,004,671 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/04/10 18:32:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/04/10 18:31:54 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2009/11/11 06:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/11/07 16:03:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/10/03 12:11:20 | 000,011,080 | ---- | C] () -- C:\WINDOWS\owar.sys
[2009/10/03 12:11:20 | 000,010,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\azyb.dl
[2009/10/03 12:11:19 | 000,015,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\afomesenus.dll
[2009/10/03 12:11:19 | 000,015,715 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huwydugupe._sy
[2009/10/03 12:11:19 | 000,013,983 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\asuhenodac._dl
[2009/10/03 12:11:19 | 000,013,339 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rydocu.dl
[2009/10/03 12:11:18 | 000,015,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\sicim.ban
[2009/10/03 12:11:18 | 000,011,558 | ---- | C] () -- C:\WINDOWS\vesogaze.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/29 17:07:54 | 000,000,068 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2009/07/29 17:07:37 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/07/29 17:07:33 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/07/29 17:07:33 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2009/07/29 17:07:32 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2009/07/29 17:07:32 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/07/29 17:07:26 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009/05/11 10:26:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/11 10:14:40 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/05/11 10:14:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2009/05/11 09:37:18 | 000,034,708 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/21 21:18:12 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2008/06/01 02:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/03/16 06:30:37 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/12/21 01:45:54 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/12/21 01:45:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/12/21 01:44:31 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/12/21 01:44:30 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/12/21 01:44:26 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/11/16 20:08:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/11 22:47:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/07/16 11:17:21 | 000,030,958 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2007/06/17 08:24:50 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/07 14:57:02 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/06/07 14:57:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/07 14:56:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2007/06/07 14:55:47 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2007/06/07 14:53:36 | 000,518,520 | ---- | C] () -- C:\WINDOWS\vidres.exe
[2007/06/07 14:37:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/07 14:33:33 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/07 14:24:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/31 22:06:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/05/27 05:35:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/27 04:32:55 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/05/26 15:31:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/26 15:21:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/26 14:31:01 | 000,001,144 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/26 14:31:01 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/26 14:30:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/26 14:30:09 | 000,459,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/26 14:30:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/05/26 14:30:09 | 000,073,706 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/26 14:30:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/05/26 14:30:07 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/05/26 14:30:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/05/26 14:30:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/26 14:29:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/05/26 14:29:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/05/26 14:29:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/05/26 14:29:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/26 08:14:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/26 08:13:50 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
 
========== LOP Check ==========
 
[2010/07/08 16:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\abgx360
[2008/12/27 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/04/04 17:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2009/07/02 19:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008/12/26 05:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDRoller
[2009/05/11 22:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2008/07/11 21:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2009/01/05 06:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2010/07/08 16:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2008/07/22 17:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/05/14 08:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nici
[2009/01/05 06:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2009/12/24 15:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2010/09/20 14:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/09/23 05:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2007/06/07 14:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/05/17 21:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vghd
[2007/07/31 00:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/05/14 08:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VOWSoft
[2009/03/25 05:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2011/03/21 20:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
[2009/12/24 17:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XBMC
[2010/04/26 13:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2011/04/12 12:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/04 07:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/07/02 19:09:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/02 19:25:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/07/02 19:27:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/03 10:17:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/25 08:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extreme Picture Finder
[2011/06/05 11:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gA06501PbDoM06501
[2007/11/16 17:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2009/05/26 23:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2008/09/08 18:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/04/12 12:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/06/07 15:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/09/23 05:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/10 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2011/06/05 12:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/08 11:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/31 00:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/21 20:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/09 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/28 07:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/26 20:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/24 13:21:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
[2011/04/03 11:07:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/06/06 17:00:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/02 03:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2011/06/08 15:59:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E319239-9947-4CCC-9E10-4CC214F38437}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
Logged
spinner456
Jr. Member
**
Posts: 56


« Reply #13 on: June 08, 2011, 04:36:28 PM »

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004/05/26 15:24:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/01 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9H.DLL
[2008/04/01 00:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9H.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009/07/09 09:57:48 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/21 16:38:37 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
[2009/10/03 12:11:21 | 000,013,624 | ---- | M] () -- C:\WINDOWS\system32\yroma.db
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/10/15 11:18:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/05/26 15:33:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2011/06/07 06:42:39 | 065,405,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2d37bwax.exe
[2011/06/06 18:55:21 | 042,730,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4k8t247w.exe
[2011/06/08 15:40:42 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/04/07 09:41:08 | 007,592,248 | ---- | M] (AVG                                                         ) -- C:\Documents and Settings\Administrator\Desktop\avg_pct_stf_all_2011_24_c5.exe
[2011/06/06 06:35:42 | 000,513,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avinstall.exe
[2003/04/22 22:02:14 | 000,135,168 | ---- | M] (AVIPreview by AJ) -- C:\Documents and Settings\Administrator\Desktop\AVIPreview.exe
[2011/04/10 21:05:11 | 004,318,324 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/03/11 11:48:46 | 006,187,704 | ---- | M] (WindSolutions) -- C:\Documents and Settings\Administrator\Desktop\CopyTrans.exe
[2010/05/17 11:09:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
[2011/04/10 19:19:37 | 006,272,288 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Administrator\Desktop\MobileMeSetup.exe
[2007/06/24 06:41:12 | 000,135,680 | ---- | M] (www.mouseindustries.com) -- C:\Documents and Settings\Administrator\Desktop\MySpaceMp3Gopher1.exe
[2011/04/11 00:29:47 | 006,739,304 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\NDP20SP2-KB2418241-x86.exe
[2011/04/11 00:22:16 | 000,850,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\NDP20SP2-KB979909-x86.exe
[2011/04/11 00:28:31 | 011,660,648 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\NDP20SP2-KB983583-x86.exe
[2011/04/11 00:17:43 | 021,005,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\NDP30SP2-KB982168-x86.exe
[2011/04/11 00:26:07 | 016,945,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\NDP30SP2-KB982524-x86.exe
[2011/06/08 15:37:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/05 10:59:46 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RWsdsetup.exe
[2010/04/26 19:59:49 | 008,493,490 | ---- | M] (Neoretix Laboratory                                         ) -- C:\Documents and Settings\Administrator\Desktop\setup.exe
[2010/09/11 01:32:57 | 000,291,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SoftonicDownloader_for_vdownloader.exe
[2011/04/12 14:36:45 | 012,817,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\windows-kb890830-v3.18.exe
[2011/04/05 09:33:11 | 002,585,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2011/04/05 09:25:23 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\windowsupdateagent30-x86.exe
[2011/04/05 09:32:14 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB942288-v3-x86.exe
[2009/12/24 17:27:55 | 048,449,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xbmc-9.11.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
 
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
 
< %PROGRAMFILES%\Internet Explorer\*.tmp >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %USERPROFILE%\My Documents\*.exe >
 
< %USERPROFILE%\*.exe >
 
< %systemroot%\ADDINS\*.* >
 
< %systemroot%\assembly\*.bak2 >
 
< %systemroot%\Config\*.* >
 
< %systemroot%\REPAIR\*.bak2 >
 
< %systemroot%\SECURITY\Database\*.sdb /x >
 
< %systemroot%\SYSTEM\*.bak2 >
 
< %systemroot%\Web\*.bak2 >
 
< %systemroot%\Driver Cache\*.* >
 
< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/02 18:47:09 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/05/02 18:47:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/05/02 18:47:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/05/02 18:47:13 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
 
< %ProgramFiles%\Microsoft Common\*.* >
 
< %ProgramFiles%\TinyProxy. >
 
< %USERPROFILE%\Favorites\*.url /x >
[2008/10/15 11:18:55 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
 
< %systemroot%\system32\*.bk >
 
< %systemroot%\*.te >
 
< %systemroot%\system32\system32\*.* >
 
< %ALLUSERSPROFILE%\*.dat /x >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/05/26 08:13:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/05/26 08:13:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/05/26 08:13:06 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\*.sys >
[2004/08/04 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/03/17 11:45:52 | 000,019,584 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys
[2004/08/04 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
 
< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
 
< %systemroot%\system32\drivers\*.ini >
 
< %systemroot%\system32\drivers\*.exe >
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/04/01 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9H.DLL
[2008/04/01 00:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9H.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
 
< %SYSTEMDRIVE%\*.* >
[2004/05/26 15:25:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/20 14:20:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/22 05:19:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/10 21:20:09 | 000,024,857 | ---- | M] () -- C:\ComboFix.txt
[2004/05/26 15:25:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/07 17:07:13 | 1609,351,168 | -HS- | M] () -- C:\hiberfil.sys
[2004/05/26 15:25:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/07 14:42:29 | 000,000,848 | -H-- | M] () -- C:\IPH.PH
[2007/11/13 17:59:24 | 000,003,371 | ---- | M] () -- C:\LGSInst.Log
[2010/05/14 06:29:00 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/06/07 14:21:12 | 000,000,060 | ---- | M] () -- C:\MOVE_RECOVERY
[2004/05/26 15:25:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/21 16:28:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/08 15:49:02 | 1109,180,416 | -HS- | M] () -- C:\pagefile.sys
[2007/06/07 14:57:42 | 000,000,411 | ---- | M] () -- C:\RtlAudio_Result.txt
[2008/02/09 16:40:17 | 000,000,495 | ---- | M] () -- C:\RtlSetup.log
[2009/02/19 08:08:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/11/30 19:35:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/11/30 19:35:03 | 000,000,172 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/11/30 19:41:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/11/30 19:41:06 | 000,000,172 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/11/30 19:41:06 | 000,000,172 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/11/30 19:41:06 | 000,000,136 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/01/18 05:46:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/01/18 05:46:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/01/18 05:48:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/01/18 05:48:36 | 000,000,172 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/01/18 05:48:36 | 000,000,148 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/05/17 18:43:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/07/28 21:14:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/07/28 21:31:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/08/18 00:14:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/10/30 18:28:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/10/30 18:28:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/10/30 18:28:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/30 18:28:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/19 08:08:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/11/30 19:35:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/11/30 19:35:03 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/11/30 19:41:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/11/30 19:41:06 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/11/30 19:41:06 | 000,000,160 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/11/30 19:41:06 | 000,000,160 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/01/18 05:46:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/01/18 05:46:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/01/18 05:48:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/01/18 05:48:36 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/01/18 05:48:36 | 000,000,160 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/05/17 18:43:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/07/28 21:14:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/07/28 21:31:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/08/18 00:14:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/10/30 18:28:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/10/30 18:28:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/10/30 18:28:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/30 18:28:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2011/04/03 18:50:24 | 000,001,884 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_03.04.2011_18.50.24_log.txt
[2011/04/03 18:50:27 | 000,001,794 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_03.04.2011_18.50.27_log.txt
[2011/04/03 19:01:14 | 000,052,658 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_03.04.2011_18.55.57_log.txt
[2011/04/04 05:18:01 | 000,052,654 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_04.04.2011_05.16.29_log.txt
[2011/04/04 08:04:33 | 000,051,952 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_04.04.2011_08.04.13_log.txt
 
< %PROGRAMFILES%\*. >
[2007/07/14 19:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2009/05/14 09:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Abacre Photo Downloader
[2010/07/08 14:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\abgx360
[2008/04/10 18:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2011/03/23 19:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/07 14:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2007/06/07 14:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2007/06/07 14:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2008/12/28 02:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/10 19:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Multimedia
[2007/06/07 14:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/07/09 20:40:10 | 000,000,000 | ---D | M] -- C:\Program Files\att-prt22
[2009/07/09 20:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-PRT22-WISE
[2008/12/27 21:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2011/04/04 17:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/14 20:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2011/04/12 12:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/11/12 11:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\Cain
[2009/07/02 19:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/07/02 19:08:24 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/10/24 04:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/12/26 05:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\CDRoller
[2011/06/07 17:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/05/26 15:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/06/07 14:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/03/16 06:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/03/16 06:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Photo Navigator 1.5
[2009/05/14 06:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/03/24 23:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\DsNET Corp
[2007/06/07 14:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\Encarta
[2010/07/25 08:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Extreme Picture Finder 3
[2008/11/06 16:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/05/14 08:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\GalleryDownloader
[2007/11/16 17:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap
[2009/05/26 23:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap Web Player
[2007/06/07 14:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2007/06/07 15:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
[2007/09/13 00:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2010/10/24 04:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\ie_picture_downloader
[2010/07/08 14:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/04/10 18:59:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/04 11:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/10 19:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/12 12:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/14 16:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/06/07 14:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/07/08 14:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\LG USB Booster
[2007/11/13 17:58:52 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2007/12/11 04:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2011/06/05 11:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/21 16:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/04 10:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/06/07 14:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/30 05:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/05/26 15:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/06/07 14:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2005
[2007/06/07 14:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/04 21:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/03/25 05:21:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2007/06/07 14:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2007/06/07 14:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/06/07 14:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2005
[2009/05/14 09:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mihov Picture Downloader
[2010/08/11 21:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/07 17:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/07/07 15:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/17 08:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/26 15:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/06/07 15:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Suite
[2007/06/17 06:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/07 15:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/04/28 22:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Neoretix
[2009/05/14 06:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/11/21 16:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/11/05 20:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Newsoft
[2009/05/14 08:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\Nici
[2010/05/17 22:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/05/26 15:22:58 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/01/05 06:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
[2011/01/14 16:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/11/06 03:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Padus
[2008/09/08 11:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/09/26 18:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/12/24 15:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Participatory Culture Foundation
[2011/06/08 05:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2008/07/21 06:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\PermissionTV
[2009/05/14 08:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\PicaLoader
[2007/06/07 14:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\Picture It! Premium 10
[2007/06/07 14:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2011/04/12 12:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/06/07 14:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/02/09 16:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/07/07 15:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/04/12 12:17:47 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/09/23 05:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/11/22 23:30:47 | 000,000,000 | ---D | M] -- C:\Program Files\Runtime Software
[2010/10/24 04:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/04/10 19:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\SnapStream Media
[2007/07/14 19:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/10/24 20:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/07/29 17:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2010/07/25 08:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Super Picture Finder Grabber
[2011/06/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/05/17 21:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/11/17 22:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Tunatic
[2009/07/07 22:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity
[2009/07/09 23:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\TVersity Codec Pack
[2004/05/26 15:33:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/24 20:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\VDOWNLOADER
[2008/11/24 14:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/06/07 14:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/11/05 22:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\WebCamDV
[2010/12/14 13:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/25 05:17:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/06/17 07:30:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/21 16:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/21 16:32:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/05/14 06:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/05/26 15:23:04 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/02/19 10:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2008/11/06 19:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/04/10 19:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinTV
[2009/12/24 17:37:17 | 000,000,000 | ---D | M] -- C:\Program Files\XBMC
[2004/05/26 15:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/07/14 19:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
 
< %appdata%\*.* >
[2009/10/03 12:11:19 | 000,015,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\afomesenus.dll
[2009/10/03 12:11:19 | 000,013,983 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\asuhenodac._dl
[2009/10/03 12:11:20 | 000,010,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\azyb.dl
[2009/05/11 10:20:58 | 000,000,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2004/05/26 08:14:28 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/05/11 10:14:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2010/09/23 05:17:27 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.Exception.log
[2010/09/23 05:03:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Rim.Desktop.HttpServerSetup.log
[2009/10/03 12:11:19 | 000,015,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\sicim.ban
[2011/06/05 09:57:22 | 000,030,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\I386\sp2.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: DISK.SYS  >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\I386\sp2.cab:disk.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\drivers\disk.sys
[2004/08/04 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USBSTOR.SYS  >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 07-06-07 1221\WINDOWS\I386\sp2.cab:usbstor.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/11/21 16:22:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\My Backup -- 07-06-07 1221\WINDOWS\system32\drivers\USBSTOR.SYS
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-05 02:22:40
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >
spinner456
« Reply #14 on: June 08, 2011, 04:37:36 PM »

OTL Extras logfile created on: 6/8/2011 3:50:21 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.92% Memory free
2.38 Gb Paging File | 1.59 Gb Available in Paging File | 66.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.67 Gb Total Space | 44.56 Gb Free Space | 24.53% Space Free | Partition Type: NTFS
Drive D: | 4.63 Gb Total Space | 1.25 Gb Free Space | 27.02% Space Free | Partition Type: FAT32
Drive K: | 1863.02 Gb Total Space | 19.93 Gb Free Space | 1.07% Space Free | Partition Type: NTFS
 
Computer Name: DAKNEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"58784:TCP" = 58784:TCP:*:Enabled:Pando
"58784:UDP" = 58784:UDP:*:Enabled:Pando
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Pando Networks\Pando\Pando.exe" = C:\Program Files\Pando Networks\Pando\Pando.exe:*:Enabled:Pando -- (Pando Networks)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0c1917a2-a2d3-4314-96e5-e66d6f36a338}" = Activation (Nero 9)
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64630268-1833-4461-9EC3-857EEB8A0540}" = DiskExplorer for NTFS
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68DB5366-1481-4277-B3A9-DA63A279DB29}" = TubeHunter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{7FEEF9D5-0633-4A74-820C-A9EF541F4CC6}" = RAID Reconstructor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{a1aad9a8-e194-4f6d-bd9b-38a37400f975}" = Nero 9
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C005B774-1D6C-41E0-9D7C-290ABDA7115C}" = Captain Nemo Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C538E5-524C-4253-AA74-0EEEF34990EA}" = DiscJuggler
"{C75EE24E-AFF2-4A0A-A394-CED3DE255ECC}" = McAfee AntiSpyware
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.12
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FA0BC743-0C8D-40C1-A074-BD4825A75A77}" = TubeHunter Ultra
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Abacre Photo Downloader_is1" = Abacre Photo Downloader 2.0
"abgx360" = abgx360 v1.0.2
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"AVG" = AVG 2011
"Beyond TV" = SnapStream Beyond TV 4.9.2
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Canon MP240 series User Registration" = Canon MP240 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDRoller_is1" = CDRoller version 7.61
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Extreme Picture Finder_is1" = Extreme Picture Finder 3.12
"FileZilla Client" = FileZilla Client 3.0.9.3
"Firefly Mini" = SnapStream Firefly Mini 1.0.2
"Gallery Downloader_is1" = Gallery Downloader 1.20.0.105
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"here! Networks Player_is1" = here! Networks Player Version 2.21
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"LG USB Booster_is1" = Booster 1.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mihov Picture Downloader" = Mihov Picture Downloader 1.4 (remove only)
"Miro" = Miro
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nici_is1" = Nici v2.10
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OWC WebCamDV" = OrangeWare WebCamDV
"Panda ActiveScan" = Panda ActiveScan
"Panda ActiveScan Pro" = Panda ActiveScan Pro
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"PicaLoader" = PicaLoader 1.7.1
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Port Magic" = Pure Networks Port Magic
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Recover My Files_is1" = Recover My Files
"RegCure" = RegCure 1.5.0.0
"Spyware Doctor" = Spyware Doctor 8.0
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Picture Finder Grabber_is1" = Super Picture Finder Grabber 4.15
"Tunatic" = Tunatic
"TVersity Media Server " = TVersity Media Server  1.6 Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.4a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/2/2011 7:40:59 PM | Computer Name = DAKNEL | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 6/1/2011 6:27:27 AM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
 
Error - 6/5/2011 1:06:43 PM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
 
Error - 6/5/2011 2:05:12 PM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x00000000.
 
Error - 6/5/2011 2:24:19 PM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x00000000.
 
Error - 6/6/2011 7:46:48 AM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x636faa09.
 
Error - 6/6/2011 7:46:53 AM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
Error - 6/6/2011 7:29:53 PM | Computer Name = DAKNEL | Source = Application Error | ID = 1000
Description = Faulting application alg.exe, version 5.1.2600.5512, faulting module
 PCTLsp.dll, version 0.0.0.0, fault address 0x00004a29.
 
Error - 6/7/2011 7:45:27 AM | Computer Name = DAKNEL | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 6/7/2011 7:48:33 AM | Computer Name = DAKNEL | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
[ System Events ]
Error - 6/7/2011 6:07:16 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
Error - 6/7/2011 6:09:19 PM | Computer Name = DAKNEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   szkg5  szkgfs
 
Error - 6/7/2011 6:09:36 PM | Computer Name = DAKNEL | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
 encountered error '0xc00d2711'. The Windows Media DRM components on your computer
 might be corrupted. Verify that protected files play correctly in Windows Media
 Player, and then restart the WMPNetworkSvc service.
 
Error - 6/7/2011 6:09:36 PM | Computer Name = DAKNEL | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
 encountered error '0xc00d2711'. The Windows Media DRM components on your computer
 might be corrupted. Verify that protected files play correctly in Windows Media
 Player, and then restart the WMPNetworkSvc service.
 
Error - 6/7/2011 6:10:09 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10010
Description = The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register
 with DCOM within the required timeout.
 
Error - 6/7/2011 6:10:27 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
Error - 6/7/2011 6:10:27 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
Error - 6/7/2011 6:11:07 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
Error - 6/7/2011 6:11:07 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
Error - 6/7/2011 6:11:47 PM | Computer Name = DAKNEL | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
 is invalid. It contains Access Control Entries with permissions that are invalid.
 The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.
 
 
< End of report >
Logged