# Help getting rid of Clicksor



## Clicksorhater (Sep 2, 2010)

As you can see from my name, I hate Clicksor. This just started affecting me within the last day or so. PLEASE HELP!!

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:10:24 PM, on 9/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\hijackthis.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O1 - Hosts: antivirsystem.com
O1 - Hosts: inetavirus.com
O1 - Hosts: antivirwin2009.com
O1 - Hosts: antivir2009pro.com
O1 - Hosts: antivirussys2009.com
O1 - Hosts: scan-spyware-now.com
O1 - Hosts: osadwarekill.com
O1 - Hosts: osawarepro.com
O1 - Hosts: virusermoverpro.com
O1 - Hosts: awareremover.com
O1 - Hosts: antivir-platinum.com
O1 - Hosts: antivirplatinum.com
O1 - Hosts: windows-shield.com
O1 - Hosts: winshield2009.com
O1 - Hosts: os-guard.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150810866375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: sebowowa.dll c:\windows\system32\wejuwava.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98a5597189556) (gupdate1c98a5597189556) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (lvprcsrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TSMDataEngine - Tyan Computer Corp - C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12605 bytes

DDS:

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Administrator at 16:11:02.53 on Thu 09/02/2010
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1123 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aliass~1.lnk - c:\program files\alias\alias sketchbook pro 1.1\AliasSketchSnap.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150810866375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: sebowowa.dll c:\windows\system32\wejuwava.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli raganapo.dll
Hosts: 91.212.127.226 osguard-pro.com
Hosts: 91.212.127.226 www.osguard-pro.com

============= SERVICES / DRIVERS ===============

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2005-1-20 27648]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2005-1-20 29696]
R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [2005-1-20 38400]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-23 207280]
R0 si3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [2003-9-3 54872]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-6-9 10112]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-24 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-24 243024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 IPMI_Driver;IPMI_Driver;c:\windows\system32\drivers\ipmidrv.sys [2005-1-20 8064]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-23 358600]
R2 SentinelLM;SentinelLM;c:\program files\rainbow technologies\sentinellm 7.2.0 server\english\lservnt.exe [2007-2-23 675840]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R2 TSMDataEngine;TSMDataEngine;c:\program files\tyan computer corp\tyan system monitor server agent\TSMDataEngine.exe [2005-1-20 98304]
R2 tyansmb;tyansmb;c:\windows\system32\drivers\tyansmb.sys [2005-1-20 15103]
S1 7f3bf97f;7f3bf97f;c:\windows\system32\drivers\7f3bf97f.sys --> c:\windows\system32\drivers\7f3bf97f.sys [?]
S1 a6e0d940;a6e0d940;c:\windows\system32\drivers\a6e0d940.sys --> c:\windows\system32\drivers\a6e0d940.sys [?]
S1 af97b5c1;af97b5c1;c:\windows\system32\drivers\af97b5c1.sys --> c:\windows\system32\drivers\af97b5c1.sys [?]
S1 cf5dd7fd;cf5dd7fd;c:\windows\system32\drivers\cf5dd7fd.sys --> c:\windows\system32\drivers\cf5dd7fd.sys [?]
S2 gupdate1c98a5597189556;Google Update Service (gupdate1c98a5597189556);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-8-7 49377]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-09-02 22:59:04	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-02 18:41:25	0	d-----w-	c:\program files\Trend Micro
2010-09-01 22:49:20	0	d-----w-	c:\windows\system32\wbem\Repository
2010-09-01 22:48:44	0	d-----w-	c:\program files\Realtek AC97
2010-08-27 16:11:08	0	d-----w-	c:\program files\Realtek AC97(2)
2010-08-14 06:25:54	0	d-----w-	c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2010-09-02 19:15:34	2992	----a-w-	c:\windows\system32\tmp.reg
2010-07-15 15:36:13	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:36:11	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-15 15:35:36	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2003-08-05 19:41:44	53248	----a-w-	c:\windows\inf\ap561.exe
2003-05-08 16:16:14	811520	----a-w-	c:\program files\mayaNetRenderClent.exe
2003-05-08 14:32:58	869376	----a-w-	c:\program files\mayaNetRenderServer.exe
2002-11-27 00:24:58	32768	----a-w-	c:\windows\inf\Remove561.exe
2002-11-22 23:56:52	118784	----a-w-	c:\windows\inf\ShowBmp.exe
2002-10-30 02:07:44	36864	----a-w-	c:\windows\inf\Setup8a.exe
2002-10-01 22:43:32	119798	----a-w-	c:\windows\inf\spca561.sys

============= FINISH: 16:12:25.89 ===============

GMER Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-09-02 17:02:33
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT 899D51B8 ZwConnectPort

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) ADB6316D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) ADB62FC2

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354} 
Reg HKLM\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}@63AUOURV1X6YIYB2ELIFO4LTRC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2} 
Reg HKLM\SOFTWARE\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}@63AUOURV1X6YIYB2ELIFO4LTRC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version 
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\[email protected] 0x9F 0xE6 0x84 0x5A ...

---- EOF - GMER 1.0.14 ----


----------



## Clicksorhater (Sep 2, 2010)

Bump!

I've contacted Clicksor to ask about removal, but no response (surprise). I did find some stuff online about removal, but it looks like that is only about removing their code from your personal blog. That's not helpful to me.

Thanks in advance!


----------



## Clicksorhater (Sep 2, 2010)

Nobody? I'm hoping it's because of the holiday weekend in the US and not the fact that nobody can help me.


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop.
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* or *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause *"unpredictable results" or stop ComboFix running at all*.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* for further review.

***Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall or freeze.***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*

Please tell us if it has cured the problems or if there are any outstanding issues.


----------



## Clicksorhater (Sep 2, 2010)

OK, I did all that, but when I try to run ComboFix.exe, I get the standard Open File Security Warning message that the publisher could not be verified. The software does not install.

I'm going to try booting in Safe Mode and installing. I'll let you know how I make out.


----------



## Clicksorhater (Sep 2, 2010)

I got ComboFix to run. I had to rename it to KomboFix.exe. It was just hanging before.

The problems are still there, with Clicksor ads popping up on nearly every site I visit. Here are the contents of ComboFix.txt:

ComboFix 10-09-06.03 - Administrator 09/06/2010 14:45:44.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1731 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\KomboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\g2mdlhlpx.exe
C:\Thumbs.db
c:\windows\system32\fonts
c:\windows\system32\fonts\a010013l.afm
c:\windows\system32\fonts\a010013l.pfb
c:\windows\system32\fonts\a010013l.pfm
c:\windows\system32\fonts\a010015l.afm
c:\windows\system32\fonts\a010015l.pfb
c:\windows\system32\fonts\a010015l.pfm
c:\windows\system32\fonts\a010033l.afm
c:\windows\system32\fonts\a010033l.pfb
c:\windows\system32\fonts\a010033l.pfm
c:\windows\system32\fonts\a010035l.afm
c:\windows\system32\fonts\a010035l.pfb
c:\windows\system32\fonts\a010035l.pfm
c:\windows\system32\fonts\b018012l.afm
c:\windows\system32\fonts\b018012l.pfb
c:\windows\system32\fonts\b018012l.pfm
c:\windows\system32\fonts\b018015l.afm
c:\windows\system32\fonts\b018015l.pfb
c:\windows\system32\fonts\b018015l.pfm
c:\windows\system32\fonts\b018032l.afm
c:\windows\system32\fonts\b018032l.pfb
c:\windows\system32\fonts\b018032l.pfm
c:\windows\system32\fonts\b018035l.afm
c:\windows\system32\fonts\b018035l.pfb
c:\windows\system32\fonts\b018035l.pfm
c:\windows\system32\fonts\c059013l.afm
c:\windows\system32\fonts\c059013l.pfb
c:\windows\system32\fonts\c059013l.pfm
c:\windows\system32\fonts\c059016l.afm
c:\windows\system32\fonts\c059016l.pfb
c:\windows\system32\fonts\c059016l.pfm
c:\windows\system32\fonts\c059033l.afm
c:\windows\system32\fonts\c059033l.pfb
c:\windows\system32\fonts\c059033l.pfm
c:\windows\system32\fonts\c059036l.afm
c:\windows\system32\fonts\c059036l.pfb
c:\windows\system32\fonts\c059036l.pfm
c:\windows\system32\fonts\d050000l.afm
c:\windows\system32\fonts\d050000l.pfb
c:\windows\system32\fonts\d050000l.pfm
c:\windows\system32\fonts\fonts.dir
c:\windows\system32\fonts\fonts.scale
c:\windows\system32\fonts\n019003l.afm
c:\windows\system32\fonts\n019003l.pfb
c:\windows\system32\fonts\n019003l.pfm
c:\windows\system32\fonts\n019004l.afm
c:\windows\system32\fonts\n019004l.pfb
c:\windows\system32\fonts\n019004l.pfm
c:\windows\system32\fonts\n019023l.afm
c:\windows\system32\fonts\n019023l.pfb
c:\windows\system32\fonts\n019023l.pfm
c:\windows\system32\fonts\n019024l.afm
c:\windows\system32\fonts\n019024l.pfb
c:\windows\system32\fonts\n019024l.pfm
c:\windows\system32\fonts\n019043l.afm
c:\windows\system32\fonts\n019043l.pfb
c:\windows\system32\fonts\n019043l.pfm
c:\windows\system32\fonts\n019044l.afm
c:\windows\system32\fonts\n019044l.pfb
c:\windows\system32\fonts\n019044l.pfm
c:\windows\system32\fonts\n019063l.afm
c:\windows\system32\fonts\n019063l.pfb
c:\windows\system32\fonts\n019063l.pfm
c:\windows\system32\fonts\n019064l.afm
c:\windows\system32\fonts\n019064l.pfb
c:\windows\system32\fonts\n019064l.pfm
c:\windows\system32\fonts\n021003l.afm
c:\windows\system32\fonts\n021003l.pfb
c:\windows\system32\fonts\n021003l.pfm
c:\windows\system32\fonts\n021004l.afm
c:\windows\system32\fonts\n021004l.pfb
c:\windows\system32\fonts\n021004l.pfm
c:\windows\system32\fonts\n021023l.afm
c:\windows\system32\fonts\n021023l.pfb
c:\windows\system32\fonts\n021023l.pfm
c:\windows\system32\fonts\n021024l.afm
c:\windows\system32\fonts\n021024l.pfb
c:\windows\system32\fonts\n021024l.pfm
c:\windows\system32\fonts\n022003l.afm
c:\windows\system32\fonts\n022003l.pfb
c:\windows\system32\fonts\n022003l.pfm
c:\windows\system32\fonts\n022004l.afm
c:\windows\system32\fonts\n022004l.pfb
c:\windows\system32\fonts\n022004l.pfm
c:\windows\system32\fonts\n022023l.afm
c:\windows\system32\fonts\n022023l.pfb
c:\windows\system32\fonts\n022023l.pfm
c:\windows\system32\fonts\n022024l.afm
c:\windows\system32\fonts\n022024l.pfb
c:\windows\system32\fonts\n022024l.pfm
c:\windows\system32\fonts\p052003l.afm
c:\windows\system32\fonts\p052003l.pfb
c:\windows\system32\fonts\p052003l.pfm
c:\windows\system32\fonts\p052004l.afm
c:\windows\system32\fonts\p052004l.pfb
c:\windows\system32\fonts\p052004l.pfm
c:\windows\system32\fonts\p052023l.afm
c:\windows\system32\fonts\p052023l.pfb
c:\windows\system32\fonts\p052023l.pfm
c:\windows\system32\fonts\p052024l.afm
c:\windows\system32\fonts\p052024l.pfb
c:\windows\system32\fonts\p052024l.pfm
c:\windows\system32\fonts\s050000l.afm
c:\windows\system32\fonts\s050000l.pfb
c:\windows\system32\fonts\s050000l.pfm
c:\windows\system32\fonts\uninstal.txt
c:\windows\system32\fonts\z003034l.afm
c:\windows\system32\fonts\z003034l.pfb
c:\windows\system32\fonts\z003034l.pfm
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tmpPrst.dll

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected 
Restored copy from - Kitty had a snack  
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDRIVER
-------\Service_WinDriver
-------\Legacy_glaide32

((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 21:53 . 2010-09-06 22:00	--------	d-----w-	c:\windows\LastGood
2010-09-06 21:52 . 2010-09-06 22:07	0	----a-w-	c:\windows\system32\lsprst7.dll
2010-09-06 21:52 . 2010-09-06 21:52	73	----a-w-	c:\windows\system32\nsprs.dll
2010-09-06 21:52 . 2010-09-06 21:52	0	----a-w-	c:\windows\system32\tmpPrst.dll
2010-09-06 20:15 . 2010-09-06 21:11	--------	d-----w-	C:\KomboFix
2010-09-06 07:09 . 2010-09-06 07:09	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2010-09-06 03:11 . 2010-05-21 21:14	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-09-06 03:00 . 2010-09-06 03:00	--------	d-----w-	c:\program files\Windows Defender
2010-09-04 06:58 . 2010-08-12 12:15	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-09-04 04:20 . 2010-08-12 12:15	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-09-04 04:19 . 2010-09-04 04:19	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-09-04 03:49 . 2010-09-04 03:49	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2010-09-04 03:48 . 2010-09-04 03:48	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-02 22:59 . 2010-07-17 12:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-02 18:41 . 2010-09-02 18:41	--------	d-----w-	c:\program files\Trend Micro
2010-09-01 22:49 . 2010-09-01 22:49	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-09-01 22:48 . 2010-09-01 22:48	--------	d-----w-	c:\program files\Realtek AC97
2010-08-27 16:11 . 2010-09-01 22:48	--------	d-----w-	c:\program files\Realtek AC97(2)
2010-08-14 07:09 . 2010-08-14 07:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2010-08-14 06:35 . 2010-08-14 06:35	--------	d-----w-	c:\program files\Adobe Media Player
2010-08-14 06:32 . 2010-08-14 06:32	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-08-14 06:25 . 2010-08-14 06:25	--------	d-----w-	c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 21:52 . 2005-05-02 22:45	342	----a-w-	c:\windows\system32\tablet.dat
2010-09-06 04:50 . 2008-05-15 02:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2010-09-06 02:34 . 2010-01-06 03:54	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Skype
2010-09-06 00:50 . 2010-01-06 03:56	--------	d-----w-	c:\documents and settings\Administrator\Application Data\skypePM
2010-09-06 00:50 . 2009-09-15 07:23	0	----a-w-	c:\windows\system32\drivers\lvuvc.hs
2010-09-06 00:49 . 2009-09-15 07:23	0	----a-w-	c:\windows\system32\drivers\logiflt.iad
2010-09-04 18:49 . 2006-06-14 07:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-04 03:48 . 2008-12-26 03:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-04 03:48 . 2006-06-14 07:13	--------	d-----w-	c:\program files\Lavasoft
2010-09-04 03:48 . 2005-01-20 19:50	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-03 02:19 . 2009-09-17 07:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nero
2010-09-03 02:19 . 2009-09-17 07:18	--------	d-----w-	c:\program files\Common Files\Nero
2010-09-03 02:12 . 2009-09-17 07:18	--------	d-----w-	c:\program files\Nero
2010-09-03 02:10 . 2009-08-27 07:13	--------	d-----w-	c:\program files\EA Games
2010-09-02 22:59 . 2005-10-03 20:10	--------	d-----w-	c:\program files\Common Files\Java
2010-09-02 22:59 . 2005-10-03 20:11	--------	d-----w-	c:\program files\Java
2010-09-02 19:53 . 2008-12-26 03:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-02 18:38 . 2005-05-03 23:10	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-09-02 18:35 . 2008-12-20 07:38	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-09-02 05:22 . 2006-06-14 07:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-24 07:03 . 2005-04-23 15:29	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-19 01:38 . 2009-12-06 06:55	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Sony Online Entertainment
2010-08-14 07:10 . 2005-01-20 19:47	56192	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 06:48 . 2005-04-29 21:05	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-12 03:59 . 2009-05-15 04:08	--------	d-----w-	c:\program files\PAP40
2010-07-23 14:55 . 2009-09-17 07:33	--------	d-----w-	c:\program files\YouTube Downloader
2010-07-15 15:36 . 2009-08-25 05:04	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:36 . 2010-07-15 15:36	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-15 15:35 . 2009-08-25 05:04	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2003-05-08 16:16 . 2005-12-18 03:44	811520	----a-w-	c:\program files\mayaNetRenderClent.exe
2003-05-08 14:32 . 2005-12-18 03:44	869376	----a-w-	c:\program files\mayaNetRenderServer.exe
2006-10-31 15:58 . 2006-10-31 15:58	13386	----a-w-	c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-10-31 15:58 . 2006-10-31 15:58	92746	----a-w-	c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7204864]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Alias SketchBook Snapshot.lnk - c:\program files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe [2005-1-17 225280]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-1 114688]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:36	12536	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49	318096	----a-w-	c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 22:28	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 17:47	289064	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-11-04 16:38	7204864	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-11-04 16:38	86016	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-11-04 16:38	1519616	----a-w-	c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 07:52	36975	----a-w-	c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2005-05-26 17:59	100056	----a-w-	c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\NDRServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Autodesk\\Maya2009\\bin\\maya.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [1/20/2005 12:52 PM 27648]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [1/20/2005 12:53 PM 29696]
R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [1/20/2005 12:53 PM 38400]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/3/2010 9:20 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/23/2009 12:42 PM 207280]
R0 si3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [9/3/2003 5:05 AM 54872]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [6/9/2003 10:56 AM 10112]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/24/2009 10:04 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/24/2009 10:04 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:36 AM 308136]
R2 IPMI_Driver;IPMI_Driver;c:\windows\system32\drivers\ipmidrv.sys [1/20/2005 2:00 PM 8064]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/23/2009 12:42 PM 358600]
R2 SentinelLM;SentinelLM;c:\program files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe [2/23/2007 12:12 PM 675840]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 5:46 AM 92008]
R2 TSMDataEngine;TSMDataEngine;c:\program files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe [1/20/2005 2:00 PM 98304]
R2 tyansmb;tyansmb;c:\windows\system32\drivers\tyansmb.sys [1/20/2005 2:00 PM 15103]
S1 7f3bf97f;7f3bf97f;c:\windows\system32\drivers\7f3bf97f.sys --> c:\windows\system32\drivers\7f3bf97f.sys [?]
S1 a6e0d940;a6e0d940;c:\windows\system32\drivers\a6e0d940.sys --> c:\windows\system32\drivers\a6e0d940.sys [?]
S1 af97b5c1;af97b5c1;c:\windows\system32\drivers\af97b5c1.sys --> c:\windows\system32\drivers\af97b5c1.sys [?]
S1 cf5dd7fd;cf5dd7fd;c:\windows\system32\drivers\cf5dd7fd.sys --> c:\windows\system32\drivers\cf5dd7fd.sys [?]
S2 gupdate1c98a5597189556;Google Update Service (gupdate1c98a5597189556);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 6:27 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15008]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [8/7/2007 9:17 AM 49377]
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 04:19]

2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-15 15:52]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 01:27]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 01:27]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:09]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-AVG7_CC - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 15:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,4f,13,f6,d5,90,e4,42,a1,8f,c5,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,4f,13,f6,d5,90,e4,42,a1,8f,c5,\

[HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9f,e6,84,5a,36,0c,ce,e2,39,27,d3,98,49,06,16,44,60,de,4d,bf,9b,
4a,d2,73,9f,a0,c7,cf,d8,e3,a1,53,0c,1a,4f,3f,6f,b8,66,74,47,6a,72,dc,45,2d,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9f,e6,84,5a,36,0c,ce,e2,39,27,d3,98,49,06,16,44,60,de,4d,bf,9b,
4a,d2,73,9f,a0,c7,cf,d8,e3,a1,53,0c,1a,4f,3f,6f,b8,66,74,47,6a,72,dc,45,2d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4300)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Alias\Maya7.0\docs\wrapper.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-06 15:18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 22:18

Pre-Run: 4,620,435,456 bytes free
Post-Run: 4,153,688,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A1A62FCAB65F4A9ADF198F50E3835AF6


----------



## dvk01 (Dec 14, 2002)

I need to examine a couple of files

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes up, press *SAVE*, choose desktop in the list of selections in that window & press save).
*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished.*
Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc. When all the files are listed in the window, press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

or to 
http://www.bleepingcomputer.com/submit-malware.php?channel=38

then

Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

Post back with its log.


----------



## Clicksorhater (Sep 2, 2010)

The zip file has been uploaded to the forum you linked to. Here is the log from tdss killer:


2010/09/07 22:53:19.0828	TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/07 22:53:19.0828	================================================================================
2010/09/07 22:53:19.0828	SystemInfo:
2010/09/07 22:53:19.0828	
2010/09/07 22:53:19.0828	OS Version: 5.1.2600 ServicePack: 3.0
2010/09/07 22:53:19.0828	Product type: Workstation
2010/09/07 22:53:19.0828	ComputerName: GRUMPY
2010/09/07 22:53:19.0828	UserName: Administrator
2010/09/07 22:53:19.0828	Windows directory: C:\WINDOWS
2010/09/07 22:53:19.0828	System windows directory: C:\WINDOWS
2010/09/07 22:53:19.0828	Processor architecture: Intel x86
2010/09/07 22:53:19.0828	Number of processors: 2
2010/09/07 22:53:19.0828	Page size: 0x1000
2010/09/07 22:53:19.0828	Boot type: Normal boot
2010/09/07 22:53:19.0828	================================================================================
2010/09/07 22:53:20.0031	Initialize success
2010/09/07 22:53:23.0562	================================================================================
2010/09/07 22:53:23.0562	Scan started
2010/09/07 22:53:23.0562	Mode: Manual;
2010/09/07 22:53:23.0562	================================================================================
2010/09/07 22:53:24.0156	61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/09/07 22:53:24.0250	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/07 22:53:24.0328	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/07 22:53:24.0375	adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/09/07 22:53:24.0437	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/07 22:53:24.0500	AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/07 22:53:24.0609	ALCXSENS (a9355a51698f6901b362ef738b15631d) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/09/07 22:53:24.0765	ALCXWDM (00696c0ab6aaba7fd4e64ab61be95f6a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/07 22:53:24.0984	amdagp8p (d5bcc5dd747fdd6ad1a5b3fa2bdbb5fa) C:\WINDOWS\system32\DRIVERS\amdagp8p.sys
2010/09/07 22:53:25.0031	amdbusdr (08f9104cf52a2d27449b389ce8f8e4d2) C:\WINDOWS\system32\DRIVERS\amdbusdr.sys
2010/09/07 22:53:25.0046	AMDEIDE (5164e59f34fb6284e58fb8331ba51a1d) C:\WINDOWS\system32\DRIVERS\AmdEide.sys
2010/09/07 22:53:25.0140	Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/07 22:53:25.0250	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/07 22:53:25.0296	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/07 22:53:25.0343	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/07 22:53:25.0421	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/07 22:53:25.0468	Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/09/07 22:53:25.0500	AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/07 22:53:25.0515	AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/07 22:53:25.0546	AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/07 22:53:25.0609	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/07 22:53:25.0687	CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\WINDOWS\system32\Drivers\SPCA561.SYS
2010/09/07 22:53:25.0796	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/07 22:53:25.0890	CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/07 22:53:25.0968	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/07 22:53:25.0984	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/07 22:53:26.0046	Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/07 22:53:26.0171	CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/09/07 22:53:26.0234	CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/09/07 22:53:26.0343	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/07 22:53:26.0406	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/07 22:53:26.0453	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/07 22:53:26.0484	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/07 22:53:26.0515	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/07 22:53:26.0562	DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/09/07 22:53:26.0671	drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/07 22:53:26.0734	E1000 (73c0eef62ad50c7ff7a4b1ec9321af9f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/09/07 22:53:26.0781	Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/07 22:53:26.0796	Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/07 22:53:26.0843	filterservice (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/09/07 22:53:26.0937	Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/07 22:53:26.0968	Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/07 22:53:27.0031	FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/07 22:53:27.0062	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/07 22:53:27.0093	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/07 22:53:27.0125	gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/09/07 22:53:27.0171	GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/07 22:53:27.0218	Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/07 22:53:27.0281	Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
2010/09/07 22:53:27.0343	Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2010/09/07 22:53:27.0390	HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/07 22:53:27.0437	HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/07 22:53:27.0468	HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/07 22:53:27.0484	HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/07 22:53:27.0546	HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/07 22:53:27.0656	i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/07 22:53:27.0703	Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/07 22:53:27.0812	Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/07 22:53:27.0859	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/07 22:53:27.0921	IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/07 22:53:27.0953	IPMI_Driver (1d23e65416c9af39c0acbcbe4a5b21ff) C:\WINDOWS\system32\Drivers\ipmidrv.sys
2010/09/07 22:53:27.0984	IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/07 22:53:28.0046	IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/07 22:53:28.0093	IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/07 22:53:28.0109	isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/07 22:53:28.0140	Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/07 22:53:28.0203	kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/07 22:53:28.0234	KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/07 22:53:28.0343	Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/07 22:53:28.0421	Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/07 22:53:28.0500	lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/09/07 22:53:28.0546	lvpr2mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/09/07 22:53:28.0578	lvrs (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/09/07 22:53:28.0781	lvuvc (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/09/07 22:53:29.0031	mamotou (bc5dc4e94494d72acf20f4fa64ea44bf) C:\WINDOWS\system32\DRIVERS\mamotou.sys
2010/09/07 22:53:29.0078	MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2010/09/07 22:53:29.0125	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/07 22:53:29.0187	Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/07 22:53:29.0250	Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/07 22:53:29.0312	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/07 22:53:29.0328	MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/07 22:53:29.0375	MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/07 22:53:29.0437	MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/07 22:53:29.0531	MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/09/07 22:53:29.0546	Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/07 22:53:29.0609	MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/07 22:53:29.0625	MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/07 22:53:29.0640	MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/07 22:53:29.0687	mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/07 22:53:29.0718	MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/07 22:53:29.0734	Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/07 22:53:29.0796	NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/07 22:53:29.0875	NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/07 22:53:29.0906	NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/07 22:53:29.0937	NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/07 22:53:29.0984	Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/07 22:53:30.0046	NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/07 22:53:30.0078	NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/07 22:53:30.0156	NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/07 22:53:30.0203	NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/07 22:53:30.0250	NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/07 22:53:30.0281	Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/07 22:53:30.0312	Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/07 22:53:30.0359	Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/07 22:53:30.0484	nv (6409cd0c7c89287778cde413232511f1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/07 22:53:30.0609	NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/07 22:53:30.0640	NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/07 22:53:30.0687	NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/09/07 22:53:30.0718	NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/09/07 22:53:30.0734	NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/09/07 22:53:30.0796	NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/09/07 22:53:30.0875	ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/07 22:53:30.0921	Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/07 22:53:31.0015	PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/07 22:53:31.0046	ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/07 22:53:31.0078	PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/07 22:53:31.0125	PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/07 22:53:31.0156	Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/07 22:53:31.0187	PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/09/07 22:53:31.0312	PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\penclass.sys
2010/09/07 22:53:31.0406	pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/09/07 22:53:31.0484	PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/07 22:53:31.0515	Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/07 22:53:31.0531	PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/07 22:53:31.0562	Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/07 22:53:31.0578	PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/09/07 22:53:31.0703	RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/07 22:53:31.0734	Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/07 22:53:31.0750	RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/07 22:53:31.0796	Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/07 22:53:31.0843	Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/07 22:53:31.0875	RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/07 22:53:31.0906	rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/07 22:53:31.0937	RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/07 22:53:31.0984	redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/07 22:53:32.0031	sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2010/09/07 22:53:32.0093	Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/07 22:53:32.0171	Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2010/09/07 22:53:32.0234	serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/07 22:53:32.0296	Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/07 22:53:32.0359	Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/07 22:53:32.0390	si3114 (9c67403714df81c8bdf177ce440c9d84) C:\WINDOWS\system32\drivers\si3114.sys
2010/09/07 22:53:32.0421	SiFilter (77add99b502354b5f8ee6cb55d8982e5) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2010/09/07 22:53:32.0500	SiWinAcc (77add99b502354b5f8ee6cb55d8982e5) C:\WINDOWS\system32\drivers\SiWinAcc.sys
2010/09/07 22:53:32.0531	SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/07 22:53:32.0578	Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
2010/09/07 22:53:32.0609	SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/09/07 22:53:32.0671	splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/07 22:53:32.0718	sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/07 22:53:32.0796	Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/07 22:53:32.0859	streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/07 22:53:32.0890	swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/07 22:53:32.0953	swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/07 22:53:33.0093	SYMDNS (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2010/09/07 22:53:33.0156	SymEvent (84ddd3d1aee15466b38195c4d22a8194) C:\Program Files\Symantec\SYMEVENT.SYS
2010/09/07 22:53:33.0218	SYMFW (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2010/09/07 22:53:33.0250	SYMIDS (83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2010/09/07 22:53:33.0281	SYMNDIS (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2010/09/07 22:53:33.0312	SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/09/07 22:53:33.0343	SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/09/07 22:53:33.0437	sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/07 22:53:33.0515	Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/07 22:53:33.0562	TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/07 22:53:33.0609	TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/07 22:53:33.0640	TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/07 22:53:33.0718	tyansmb (f6b5eaa93d25c4d08c384210d1863c5b) C:\WINDOWS\system32\Drivers\tyansmb.sys
2010/09/07 22:53:33.0734	Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/07 22:53:33.0796	Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/07 22:53:33.0859	usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/07 22:53:33.0937	usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/07 22:53:33.0984	usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/07 22:53:34.0015	usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/07 22:53:34.0046	usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/07 22:53:34.0062	usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/07 22:53:34.0093	usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/07 22:53:34.0109	USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/07 22:53:34.0125	usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/07 22:53:34.0187	usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/07 22:53:34.0234	VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/07 22:53:34.0281	VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/07 22:53:34.0390	vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2010/09/07 22:53:34.0453	Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/07 22:53:34.0546	wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/07 22:53:34.0640	WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/07 22:53:34.0687	WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/07 22:53:34.0718	WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/07 22:53:34.0781	================================================================================
2010/09/07 22:53:34.0781	Scan finished
2010/09/07 22:53:34.0781	================================================================================


----------



## dvk01 (Dec 14, 2002)

I can't see any malware there.
What makes you think Clicksor is causing your trouble?

Clicksor is a website ad service that is very similar to Google ads. It displays inline ads that are targeted to the content of the page you are visiting and doesn't cause pop-ups or any problems.

Can you tell us exactly what problems you are having?

Post a new HJT log so I can check something, please.


----------



## Clicksorhater (Sep 2, 2010)

I don't get the Clicksor ads anytime I view pages from my machine at work, but when I'm home, the same websites have their ads replaced with Clicksor ads. They have ads with embedded movies that play automatically with audio. You can't mute them, and you can't stop them. There's also a green tab that appears to the right of the page that says "Connect". This allows you to share the page on Facebook or Twitter or whatever, but the thing is from Clicksor as well. Again, this is not a feature of the page, but only appears to me when I surf those pages from my home computers. Some pages that I'm seeing the Clicksor ads on are:

http://www.cgtalk.com

http://www.10news.com

I would guess that if you are not seeing them, then it is my machines and not the pages themselves.

Thanks so much for your efforts.

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:22 AM, on 9/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283758294515
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98a5597189556) (gupdate1c98a5597189556) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (lvprcsrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TSMDataEngine - Tyan Computer Corp - C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe

--
End of file - 11558 bytes


----------



## dvk01 (Dec 14, 2002)

sometimes a corrupt cookie can cause this

The adverts I see on those sites come from an alternative content delivery network, but at some time in the past, I had a similar problem with google ads where a stuck cookie kept giving me ads from a "partner" network & not google when standard google ads should have shown up

delete all cookies & then

Download Temp File Cleaner to your desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

If you are using Vista or Windows 7 then right click the TFC.exe & select run as Admin to allow it to work.


----------



## Clicksorhater (Sep 2, 2010)

I followed the directions to the letter, and I'm still seeing the exact same thing: Clicksor ads where there are none on my work machine (different physical location and network), and "connect" tab down the right side of the screen on many sites, including this one.

I thought it was a cookie issue at first, prior to my posting here. The usual purge did nothing.


----------



## dvk01 (Dec 14, 2002)

see if this tells us anything

download Sunbelt Counterspy Free trial

Save the install file to desktop and double click it to install counterspy

Once it has installed, follow the set up wizard which will automatically start, allow it to update itself

It will take a few minutes to update to the latest definitions file versions

run a full scan & when it finishes a window will open with all items found

They should all be marked as quarantine or delete by default so scroll down & check that nothing you know to be good or want to keep is detected. Just in case of an error select Quarantine for everything rather than delete. Then just press the take action button & follow any prompts (set anything you want to keep as ignore)

post back with its report (on the scan page, press view details & copy that report & paste it back here)


----------



## Clicksorhater (Sep 2, 2010)

OK. Counterspy had me download and install something from the same company called "Vipre". It looks like this is some kind of replacement product.

I scanned with that, and it found a risk named "LooksLike.Win32.PatchedDriver!A (v)", which it has "Virus.W32" as the Risk Category. I told it to remove the risk, which it says it did. I was unable to copy paste the text from the scan.

It didn't find anything else. I'm still seeing the same issues with Clicksor instead of the normal ads I should be seeing.

Any other ideas/suggestions? Thanks in advance!


----------



## dvk01 (Dec 14, 2002)

I haven't got any real ideas but try this 
http://bugbopper.com/Wuzzup/Default.asp

it is a new program that is supposed to be much better at detecting new & unknown malware. it won't fix anything, just detects

post back if it does find anything


----------



## Clicksorhater (Sep 2, 2010)

No malware found. Problems still happening with no change from when we started.


----------



## dvk01 (Dec 14, 2002)

I have absolutely no idea 

clicksor adverts should only appear on sites that specifically use them not every site 

can you post a screen shot of what is happening here so I can try & work out the cause

which browser does this happen in 

IE or firefox or only Chrome


----------



## Clicksorhater (Sep 2, 2010)

Here you go:



There's a really annoying overlay of the weather if you mouse over the Clicksor name:



Sometimes the smaller box ad in the right side plays a movie with audio that you cannot stop, mute, or skip:


Check out this last one:


ARGH!!


----------



## Clicksorhater (Sep 2, 2010)

This doesn't happen in IE, I don't have Firefox installed. Maybe I should uninstall Chrome and reinstall?


----------



## Clicksorhater (Sep 2, 2010)

Uninstall/reinstall didn't fix it, either.


----------



## dvk01 (Dec 14, 2002)

definitely something is replacing google ads with clicksor ads but only in chrome

I don't know any hijackers capable of doing that
none of the commonly used tools even look inside the chrome folders or settings

have you installed any extensions in chrome

let's see if this shows us anything

have you definitely cleared all chrome cookies

Download *OTS.exe* to your Desktop

Close any open browsers.
Double-click on *OTS.exe* to start the program.
If your Real protection or Antivirus intervenes with OTS, allow it to run.
In the *Processes* group click *ALL*
In the *modules* group click *ALL*
In the *Services* group click *Safe List*
In the *Drivers* group click *Safe List*
In the *Registry* group click *ALL*
In the *Files Age* drop down box click *90 days*
Make sure use company name white list and skip Microsoft files boxes are checked
In the Files created and Files modified groups select *whitelist/file age*
In the *Additional scans sections* please select *Everything* and make sure safe list box is checked
Now on the toolbar at the top select "Scan all users" then click the *Run Scan* button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the *Reply* button and *attach the notepad file here*. I will review it when it comes in.

It will be much too big so you will need to zip the file before it will be able to be uploaded


----------



## Clicksorhater (Sep 2, 2010)

```
OTS logfile created on: 9/10/2010 1:23:19 PM - Run 1
OTS by OldTimer - Version 3.1.36.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 2.43 Gb Free Space | 3.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GRUMPY
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
 
[Processes - All]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/09/10 13:11:11 | 000,641,024 | ---- | M] (OldTimer Tools)
googlecrashhandler.exe -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe -> [2010/09/04 11:22:06 | 000,134,808 | ---- | M] (Google Inc.)
sbamtray.exe -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe -> [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software)
sbamsvc.exe -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -> [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software)
sbpimsvc.exe -> C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -> [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/07/17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2010/07/15 08:36:13 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2010/07/15 08:36:11 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2010/07/15 08:36:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2010/07/15 08:36:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2010/07/15 08:35:36 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2010/07/15 08:35:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
googlecrashhandler.exe -> C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe -> [2010/03/17 22:07:09 | 000,136,176 | ---- | M] (Google Inc.)
pnkbstra.exe -> C:\WINDOWS\system32\PnkBstrA.exe -> [2010/01/15 23:35:48 | 000,075,064 | ---- | M] ()
pctsauxs.exe -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools)
tomtomhomeservice.exe -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/06/03 05:46:36 | 000,092,008 | ---- | M] (TomTom)
tomtomhomerunner.exe -> C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe -> [2009/06/03 05:46:34 | 000,251,240 | ---- | M] (TomTom)
lws.exe -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe -> [2009/05/08 10:35:50 | 002,780,432 | ---- | M] ()
cocimanager.exe -> C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2009/05/08 10:34:08 | 000,559,888 | ---- | M] ()
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.)
flvsrvc.exe -> C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe -> [2009/03/09 18:29:41 | 000,156,672 | ---- | M] (Applian Technologies, Inc.)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
services.exe -> C:\WINDOWS\system32\services.exe -> [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/07/30 10:47:56 | 000,289,064 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/07/30 10:47:48 | 000,532,264 | ---- | M] (Apple Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/22 20:42:12 | 000,116,040 | ---- | M] (Apple Inc.)
winlogon.exe -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation)
spoolsv.exe -> C:\WINDOWS\system32\spoolsv.exe -> [2008/04/13 17:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation)
smss.exe -> C:\WINDOWS\system32\smss.exe -> [2008/04/13 17:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [RPCSS] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rpcss.dll [RpcSs] -> [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dnsrslvr.dll [Dnscache] -> [2008/04/13 17:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [NETSVCS] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\appmgmts.dll [AppMgmt] -> [2008/04/13 17:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\audiosrv.dll [AudioSrv] -> [2008/04/13 17:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\qmgr.dll [BITS] -> [2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\browser.dll [Browser] -> [2008/04/13 17:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\cryptsvc.dll [CryptSvc] -> [2008/04/13 17:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dhcpcsvc.dll [Dhcp] -> [2008/04/13 17:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\dmserver.dll [dmserver] -> [2008/04/13 17:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.)
-> C:\WINDOWS\system32\ersvc.dll [ERSvc] -> [2008/04/13 17:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\es.dll [EventSystem] -> [2008/07/07 13:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/13 17:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> [2008/04/13 17:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\System32\hidserv.dll [HidServ] -> File not found
-> C:\WINDOWS\system32\kmsvc.dll [hkmsvc] -> [2008/04/13 17:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\srvsvc.dll [lanmanserver] -> [2008/04/13 17:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wkssvc.dll [lanmanworkstation] -> [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\msgsvc.dll [Messenger] -> [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\qagentrt.dll [napagent] -> [2008/04/13 17:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\netman.dll [Netman] -> [2008/04/13 17:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\mswsock.dll [Nla] -> [2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\nwwks.dll [NWCWorkstation] -> [2008/04/13 17:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rasauto.dll [RasAuto] -> [2008/04/13 17:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rasmans.dll [RasMan] -> [2008/04/13 17:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\mprdim.dll [RemoteAccess] -> [2008/04/13 17:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\schedsvc.dll [Schedule] -> [2008/04/13 17:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\seclogon.dll [seclogon] -> [2008/04/13 17:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\sens.dll [SENS] -> [2008/04/13 17:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ipnathlp.dll [SharedAccess] -> [2008/04/13 17:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [ShellHWDetection] -> [2008/04/13 17:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\srsvc.dll [srservice] -> [2008/04/13 17:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\tapisrv.dll [TapiSrv] -> [2008/04/13 17:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\shsvcs.dll [Themes] -> [2008/04/13 17:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\trkwks.dll [TrkWks] -> [2008/04/13 17:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\w32time.dll [W32Time] -> [2008/04/13 17:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wbem\wmisvc.dll [winmgmt] -> [2008/04/13 17:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\mspmsnsv.dll [WmdmPmSN] -> [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\advapi32.dll [Wmi] -> [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wscsvc.dll [wscsvc] -> [2008/04/13 17:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wuauserv.dll [wuauserv] -> [2008/04/13 17:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wzcsvc.dll [WZCSVC] -> [2008/04/13 17:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\xmlprov.dll [xmlprov] -> [2008/04/13 17:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/13 17:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/13 17:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 17:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 17:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/13 17:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/13 17:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/13 17:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/13 17:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 17:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 17:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/13 17:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/13 17:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [IMGSVC] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\wiaservc.dll [stisvc] -> [2008/04/13 17:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH] -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\rpcss.dll [DcomLaunch] -> [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
-> C:\WINDOWS\system32\termsrv.dll [TermService] -> [2008/04/13 17:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation)
lsass.exe -> C:\WINDOWS\system32\lsass.exe -> [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
ctfmon.exe -> C:\WINDOWS\system32\ctfmon.exe -> [2008/04/13 17:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
csrss.exe -> C:\WINDOWS\system32\csrss.exe -> [2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation)
alg.exe -> C:\WINDOWS\system32\alg.exe -> [2008/04/13 17:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation)
cvpnd.exe -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
soundman.exe -> C:\WINDOWS\soundman.exe -> [2006/11/17 03:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.)
sd monitor.exe -> C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe -> [2006/01/05 10:57:00 | 000,114,688 | ---- | M] (SanDisk)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2005/11/04 09:38:00 | 000,143,427 | ---- | M] (NVIDIA Corporation)
aliassketchsnap.exe -> C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe -> [2005/01/17 11:22:34 | 000,225,280 | ---- | M] (Alias Systems)
tsmdataengine.exe -> C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe -> [2004/10/12 13:23:00 | 000,098,304 | ---- | M] (Tyan Computer Corp)
wrapper.exe -> C:\Program Files\Alias\Maya7.0\docs\wrapper.exe -> [2004/07/16 20:26:44 | 000,126,976 | ---- | M] ()
java.exe -> C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe -> [2004/05/07 07:20:52 | 000,024,681 | ---- | M] ()
tablet.exe -> C:\WINDOWS\system32\Tablet.exe -> [2003/12/04 10:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.)
tabuserw.exe -> C:\WINDOWS\system32\Wtablet\TabUserW.exe -> [2003/12/04 09:48:40 | 000,077,824 | ---- | M] (Wacom Technology, Corp.)
lservnt.exe -> C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe -> [2002/04/08 05:20:00 | 000,675,840 | ---- | M] (Rainbow Technologies, Inc.)
 
[Modules - All]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/09/10 13:11:11 | 000,641,024 | ---- | M] (OldTimer Tools)
flvsrvlib.dll -> C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> [2010/09/10 13:00:52 | 000,012,800 | ---- | M] (Applian Technologies, Inc.)
shell32.dll -> C:\WINDOWS\system32\shell32.dll -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
shlwapi.dll -> C:\WINDOWS\system32\shlwapi.dll -> [2009/12/08 02:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation)
secur32.dll -> C:\WINDOWS\system32\secur32.dll -> [2009/06/25 01:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation)
rpcrt4.dll -> C:\WINDOWS\system32\rpcrt4.dll -> [2009/04/15 07:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\system32\kernel32.dll -> [2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation)
msctfime.ime -> C:\WINDOWS\system32\msctfime.ime -> [2009/02/26 21:56:38 | 000,177,152 | ---- | M] (Microsoft Corporation)
ntdll.dll -> C:\WINDOWS\system32\ntdll.dll -> [2009/02/09 05:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation)
advapi32.dll -> C:\WINDOWS\system32\advapi32.dll -> [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
gdi32.dll -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 05:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\system32\ieframe.dll -> [2008/08/22 04:10:34 | 011,985,408 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\WINDOWS\system32\urlmon.dll -> [2008/08/22 04:08:22 | 001,206,784 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\WINDOWS\system32\iertutil.dll -> [2008/08/22 04:06:02 | 001,778,688 | ---- | M] (Microsoft Corporation)
setupapi.dll -> C:\WINDOWS\system32\setupapi.dll -> [2008/04/14 05:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation)
winspool.drv -> C:\WINDOWS\system32\winspool.drv -> [2008/04/13 17:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation)
winmm.dll -> C:\WINDOWS\system32\winmm.dll -> [2008/04/13 17:12:09 | 000,176,128 | ---- | M] (Microsoft Corporation)
wldap32.dll -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/13 17:12:09 | 000,172,032 | ---- | M] (Microsoft Corporation)
userenv.dll -> C:\WINDOWS\system32\userenv.dll -> [2008/04/13 17:12:08 | 000,727,040 | ---- | M] (Microsoft Corporation)
user32.dll -> C:\WINDOWS\system32\user32.dll -> [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation)
uxtheme.dll -> C:\WINDOWS\system32\uxtheme.dll -> [2008/04/13 17:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation)
version.dll -> C:\WINDOWS\system32\version.dll -> [2008/04/13 17:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation)
srclient.dll -> C:\WINDOWS\system32\srclient.dll -> [2008/04/13 17:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation)
samlib.dll -> C:\WINDOWS\system32\samlib.dll -> [2008/04/13 17:12:04 | 000,064,000 | ---- | M] (Microsoft Corporation)
psapi.dll -> C:\WINDOWS\system32\psapi.dll -> [2008/04/13 17:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation)
ole32.dll -> C:\WINDOWS\system32\ole32.dll -> [2008/04/13 17:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation)
oleaut32.dll -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/13 17:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation)
ntmarta.dll -> C:\WINDOWS\system32\ntmarta.dll -> [2008/04/13 17:12:02 | 000,118,784 | ---- | M] (Microsoft Corporation)
olepro32.dll -> C:\WINDOWS\system32\olepro32.dll -> [2008/04/13 17:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation)
msvcrt.dll -> C:\WINDOWS\system32\msvcrt.dll -> [2008/04/13 17:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation)
mslbui.dll -> C:\WINDOWS\system32\mslbui.dll -> [2008/04/13 17:12:00 | 000,025,088 | ---- | M] (Microsoft Corporation)
msimg32.dll -> C:\WINDOWS\system32\msimg32.dll -> [2008/04/13 17:11:59 | 000,004,608 | ---- | M] (Microsoft Corporation)
msctf.dll -> C:\WINDOWS\system32\msctf.dll -> [2008/04/13 17:11:58 | 000,297,984 | ---- | M] (Microsoft Corporation)
mpr.dll -> C:\WINDOWS\system32\mpr.dll -> [2008/04/13 17:11:57 | 000,059,904 | ---- | M] (Microsoft Corporation)
imm32.dll -> C:\WINDOWS\system32\imm32.dll -> [2008/04/13 17:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2008/04/13 17:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\system32\comres.dll -> [2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/13 17:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation)
clbcatq.dll -> C:\WINDOWS\system32\clbcatq.dll -> [2008/04/13 17:11:50 | 000,498,688 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
tabhook.dll -> C:\WINDOWS\system32\TabHook.dll -> [2003/12/04 09:46:48 | 000,044,544 | ---- | M] (Wacom Technology, Corp.)
 
[Win32 Services - Safe List]
(nero backitup scheduler 4.0) nero backitup scheduler 4.0 [Auto | Stopped] -> C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -> File not found
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/09/03 21:19:55 | 001,355,928 | ---- | M] (Lavasoft)
(SBAMSvc) VIPRE Antivirus [Auto | Running] -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -> [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software)
(SBPIMSvc) SB Recovery Service [Auto | Running] -> C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -> [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/08/13 23:25:54 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2010/07/15 08:36:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.)
(sdAuxService) PC Tools Auxiliary Service [Auto | Running] -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools)
(TomTomHOMEService) TomTomHOMEService [Auto | Running] -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/06/03 05:46:36 | 000,092,008 | ---- | M] (TomTom)
(lvprcsrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(SNDSrvc) Symantec Network Drivers Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> [2005/04/05 08:17:22 | 000,206,552 | ---- | M] (Symantec Corporation)
(TSMDataEngine) TSMDataEngine [Auto | Running] -> C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe -> [2004/10/12 13:23:00 | 000,098,304 | ---- | M] (Tyan Computer Corp)
(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004/09/29 10:14:36 | 000,069,632 | ---- | M] (HP)
(maya70docserver) Maya 7.0 Documentation Server [Auto | Running] -> C:\Program Files\Alias\Maya7.0\docs\wrapper.exe -> [2004/07/16 20:26:44 | 000,126,976 | ---- | M] ()
(TabletService) TabletService [Auto | Running] -> C:\WINDOWS\system32\Tablet.exe -> [2003/12/04 10:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.)
(SentinelLM) SentinelLM [Auto | Running] -> C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe -> [2002/04/08 05:20:00 | 000,675,840 | ---- | M] (Rainbow Technologies, Inc.)
 
[Driver Services - Safe List]
(DS1410D) DS1410D [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\ds1410d.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -> File not found
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/08/12 05:15:20 | 000,064,288 | ---- | M] (Lavasoft AB)
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2010/08/12 05:15:19 | 000,015,008 | ---- | M] ()
(SbTis) SbTis [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\sbtis.sys -> [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.)
(AvgTdiX) AVG Free Network Redirector [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgtdix.sys -> [2010/07/15 08:36:13 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgldx86.sys -> [2010/07/15 08:35:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.)
(sbapifs) sbapifs [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\sbapifs.sys -> [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software)
(sbaphd) sbaphd [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\sbaphd.sys -> [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\avgmfx86.sys -> [2010/06/06 14:09:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SBRE) SBRE [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SBREDrv.sys -> [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software)
(PCTCore) PCTools KDS [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools)
(filterservice) UVC Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvcflt.sys -> [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.)
(lvuvc) Logitech Webcam 250(UVC) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvc.sys -> [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.)
(lvrs) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvrs.sys -> [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.)
(lvpr2mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2009/04/30 16:00:12 | 000,025,624 | ---- | M] ()
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvpopflt.sys -> [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.)
(adfs) adfs [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\adfs.sys -> [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkipx.sys -> [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation)
(61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\61883.sys -> [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation)
(Avc) AVC Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\avc.sys -> [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation)
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\msdv.sys -> [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\CVPNDRVA.sys -> [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.)
(Haspnt) Haspnt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Haspnt.sys -> [2007/02/04 20:55:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems)
(mamotou) mamotou [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mamotou.sys -> [2007/02/02 16:57:16 | 000,049,377 | ---- | M] (Mobile Action Technology Inc.)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dne2000.sys -> [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcxwdm.sys -> [2007/01/25 14:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CVirtA.sys -> [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.)
(MaVctrl) MaVctrl [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\MaVc2K.sys -> [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.)
(Hardlock) Hardlock [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\hardlock.sys -> [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2006/01/03 13:31:44 | 000,117,408 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2005/11/04 09:38:00 | 003,519,360 | ---- | M] (NVIDIA Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2005/04/05 08:17:02 | 000,267,192 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2005/04/05 08:17:00 | 000,017,976 | ---- | M] (Symantec Corporation)
(SYMIDS) SYMIDS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMIDS.SYS -> [2005/04/05 08:16:58 | 000,036,984 | ---- | M] (Symantec Corporation)
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -> [2005/04/05 08:16:56 | 000,047,192 | ---- | M] (Symantec Corporation)
(SYMFW) SYMFW [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMFW.SYS -> [2005/04/05 08:16:54 | 000,173,208 | ---- | M] (Symantec Corporation)
(SYMDNS) SYMDNS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMDNS.SYS -> [2005/04/05 08:16:52 | 000,011,512 | ---- | M] (Symantec Corporation)
(vsdatant) vsdatant [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC)
(tyansmb) tyansmb [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tyansmb.sys -> [2004/09/13 14:10:24 | 000,015,103 | ---- | M] (Tyan Computer Corp)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnknb.sys -> [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkspx.sys -> [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2004/04/01 14:30:46 | 000,010,368 | ---- | M] (Padus, Inc.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2004/01/07 23:46:42 | 000,404,736 | ---- | M] (Sensaura Ltd)
(si3114) SiI-3114 SATALink Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\si3114.sys -> [2003/09/03 05:05:32 | 000,054,872 | ---- | M] (Silicon Image, Inc.)
(amdagp8p) AMD NB AGP Bus Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdagp8p.sys -> [2003/08/22 14:25:16 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.)
(amdbusdr) amdbusdr [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdbusdr.sys -> [2003/07/02 10:42:04 | 000,029,696 | ---- | M] (AMD)
(AMDEIDE) AMD EIDE Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\AmdEide.sys -> [2003/07/02 10:42:02 | 000,038,400 | ---- | M] (AMD)
(SiWinAcc) SiWinAcc [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\SiWinAcc.sys -> [2003/06/09 10:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -> [2003/06/09 10:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.)
(IPMI_Driver) IPMI_Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ipmidrv.sys -> [2002/10/09 17:27:48 | 000,008,064 | ---- | M] (Tyan Computer Co.)
(CA561) ICatch (VI) PC Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SPCA561.SYS -> [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP)
(Sentinel) Sentinel [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\Drivers\SENTINEL.SYS -> [2001/06/21 19:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.)
(Sntnlusb) Rainbow USB SuperPro [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -> [2001/06/21 19:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.)
(PenClass) Pen Class [Kernel | Boot | Running] -> C:\WINDOWS\system32\Drivers\penclass.sys -> [2001/04/09 06:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2008/08/22 04:10:34 | 011,985,408 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2010/09/06 16:53:27 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8} -> C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\] -> [2010/03/05 20:07:31 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/27 20:39:01 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/04/23 19:24:50 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins -> C:\Program Files\Mozilla Thunderbird\plugins [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS] -> [2010/04/23 19:24:50 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2010/01/27 00:02:08 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected] -> [2009/06/19 20:09:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/22 18:16:42 | 000,000,000 | ---D | M]
No name found   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/01/26 08:51:51 | 000,000,000 | ---D | M]
Skype extension for Firefox   -> C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2010/01/05 20:54:31 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/09/07 09:38:11 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 18:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/07/23 08:03:28 | 001,619,296 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
{9030d464-4c02-4abf-8ecc-5164760863c6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/24 08:53:00 | 000,668,656 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/08/04 15:37:18 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Helper] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/08/04 15:37:18 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
ShellBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AdobeCS4ServiceManager" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008/08/14 07:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/07/22 20:42:24 | 000,116,040 | ---- | M] (Apple Inc.)
"Ask and Record FLV Service" -> C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe ["C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run] -> [2009/03/09 18:29:41 | 000,156,672 | ---- | M] (Applian Technologies, Inc.)
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2010/07/15 08:36:13 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/07/30 10:47:56 | 000,289,064 | ---- | M] (Apple Inc.)
"LogitechQuickCamRibbon" -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ["C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide] -> [2009/05/08 10:35:50 | 002,780,432 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2005/11/04 09:38:00 | 007,204,864 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
"SBAMTray" -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe ["C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"] -> [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software)
"SoundMan" -> C:\WINDOWS\soundman.exe [SOUNDMAN.EXE] -> [2006/11/17 03:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"RunNarrator" -> C:\WINDOWS\System32\narrator.exe [Narrator.exe] -> [2008/04/13 17:12:29 | 000,053,760 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"RunNarrator" -> C:\WINDOWS\System32\narrator.exe [Narrator.exe] -> [2008/04/13 17:12:29 | 000,053,760 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ctfmon.exe" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2008/04/13 17:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/03 01:09:45 | 000,133,104 | ---- | M] (Google Inc.)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"TomTomHOME.exe" -> C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ["C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"] -> [2009/06/03 05:46:34 | 000,251,240 | ---- | M] (TomTom)
"updateMgr" -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1] -> [2006/03/30 14:45:08 | 000,313,472 | ---- | M] (Adobe Systems Incorporated)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk -> C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe -> [2005/01/17 11:22:34 | 000,225,280 | ---- | M] (Alias Systems)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk -> C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe -> [2006/01/05 10:57:00 | 000,114,688 | ---- | M] (SanDisk)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk -> C:\WINDOWS\system32\Wtablet\TabUserW.exe -> [2003/12/04 09:48:40 | 000,077,824 | ---- | M] (Wacom Technology, Corp.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk -> C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -> [2008/09/17 20:01:39 | 000,006,144 | R--- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Menu: &Gears Settings] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{09c04da7-5b76-4ebc-bbee-b25eac5965f5}" [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [&Gears Settings] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6730 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6731 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6731 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9281 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} [HKLM] -> http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab [SonyOnlineInstallerX] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283758294515 [WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{A8A09142-6C0F-4B7D-8828-F3691D4923E8}\\DhcpNameServer -> 213.109.68.247 213.109.73.249 1.1.1.1   (Intel(R) PRO/1000 MT Desktop Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 17:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 17:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/07/15 08:36:11 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.)
crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 17:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation)
cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 17:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 17:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/13 17:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 17:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2009/03/10 22:18:00 | 000,239,496 | ---- | M] (Microsoft Corporation)
wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/13 17:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation)
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> C:\WINDOWS\system32\upnpui.dll [UPnPMonitor] -> [2008/04/13 17:12:08 | 000,239,616 | ---- | M] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2008/08/22 04:08:08 | 000,236,544 | ---- | M] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 21:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 17:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation)
schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2010/06/30 05:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation)
digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 17:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation)
msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 17:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 07:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
nwprovau -> C:\WINDOWS\System32\nwprovau.dll -> [2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 01:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 07:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
schannel -> C:\WINDOWS\System32\schannel.dll -> [2010/06/30 05:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation)
wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 01:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe" -> C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe [C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe:*:Enabled:CloneWars] -> [2010/08/25 18:45:20 | 020,066,304 | ---- | M] ()
"C:\Documents and Settings\Administrator\Desktop\NDRServer.exe" -> C:\Documents and Settings\Administrator\Desktop\NDRServer.exe [C:\Documents and Settings\Administrator\Desktop\NDRServer.exe:*:Enabled:NDRServer] -> [2005/02/17 17:51:02 | 000,098,304 | ---- | M] ()
"C:\Program Files\Alias\Maya7.0\bin\maya.exe" -> C:\Program Files\Alias\Maya7.0\bin\maya.exe [C:\Program Files\Alias\Maya7.0\bin\maya.exe:LocalSubNet:Enabled:Maya] -> [2005/11/20 12:07:30 | 000,196,608 | ---- | M] (Alias)
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe" -> C:\Program Files\Autodesk\Maya2008\bin\maya.exe [C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya] -> [2007/08/03 07:12:08 | 000,274,432 | ---- | M] (Autodesk)
"C:\Program Files\Autodesk\Maya2009\bin\maya.exe" -> C:\Program Files\Autodesk\Maya2009\bin\maya.exe [C:\Program Files\Autodesk\Maya2009\bin\maya.exe:*:Disabled:Maya] -> [2008/09/11 04:15:14 | 000,278,528 | ---- | M] (Autodesk)
"C:\Program Files\AVG\AVG9\avgnsx.exe" -> C:\Program Files\AVG\AVG9\avgnsx.exe [C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2010/07/15 08:36:11 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" -> C:\Program Files\AVG\AVG9\avgupd.exe [C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2010/07/15 08:34:54 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4] -> [2008/08/14 07:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\Flash MX\Flash.exe" -> C:\Program Files\Flash MX\Flash.exe [C:\Program Files\Flash MX\Flash.exe:*:Disabled:Flash 6.0 r25] -> [2002/03/07 19:20:34 | 012,107,776 | ---- | M] (Macromedia, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2004/02/26 17:23:44 | 000,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/05/10 19:07:26 | 001,081,344 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/05/10 19:50:34 | 000,200,704 | ---- | M] ()
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/07/30 10:47:50 | 020,252,968 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\mayaNetRenderServer.exe" -> C:\Program Files\mayaNetRenderServer.exe [C:\Program Files\mayaNetRenderServer.exe:LocalSubNet:Enabled:mayaNetRenderServer] -> [2003/05/08 07:32:58 | 000,869,376 | ---- | M] ()
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Next Limit\RealFlow4\realflow.exe" -> C:\Program Files\Next Limit\RealFlow4\realflow.exe [C:\Program Files\Next Limit\RealFlow4\realflow.exe:*:Enabled:realflow] -> [2007/09/04 18:01:14 | 000,151,552 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/10/09 14:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" -> C:\Program Files\Skype\Plugin Manager\skypePM.exe [C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager] -> [2009/10/09 14:11:12 | 000,078,008 | R--- | M] (Skype Technologies)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" -> C:\Program Files\SmartFTP Client\SmartFTP.exe [C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0] -> [2008/11/23 18:33:58 | 008,389,408 | ---- | M] (SmartSoft Ltd.)
"C:\Program Files\SmartFTP\SmartFTP.exe" -> C:\Program Files\SmartFTP\SmartFTP.exe [C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP] -> [2005/03/23 18:08:32 | 001,593,344 | ---- | M] (SmartFTP)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/10/16 22:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
"C:\UT2004\System\UT2004.exe" -> C:\UT2004\System\UT2004.exe [C:\UT2004\System\UT2004.exe:*:Enabled:UT2004] -> [2006/02/02 14:10:40 | 000,208,896 | ---- | M] ()
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 17:12:18 | 000,083,456 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/01/20 12:17:12 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{0291E591-EA41-4c82-8106-3DC6CE7F7664} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [HKLM: Installation Support; IsInstalled: 1] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> Reg Error: Key error. [(default): Viewpoint Media Player; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vector Graphics Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> File not found
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [(default): Macromedia Shockwave Director 10.1; IsInstalled: 01 00 00 00  [binary data]] -> [2006/02/08 09:52:02 | 000,054,976 | ---- | M] (Macromedia, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> Reg Error: Key error. [(default): Viewpoint Media Player; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{1B78DAC9-1292-E39B-2B3B-29AA4B030C5E} [HKLM] -> Reg Error: Key error. [(default): Browser Customizations; IsInstalled: 1] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [(default): Macromedia Shockwave Director 10.1.1; IsInstalled: 01 00 00 00  [binary data]] -> [2006/02/08 09:52:02 | 000,054,976 | ---- | M] (Macromedia, Inc.)
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2A202491-F00D-11cf-87CC-0020AFEECF20} [HKLM] -> Reg Error: Key error. [(default): Macromedia Shockwave Director 10.1.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [HKLM: Installation Support; IsInstalled: 1] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [HKLM: Installation Support; IsInstalled: 1] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Advanced Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.8; IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] ->  [(default): Web Folders; IsInstalled: 1] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{A17E30C4-A9BA-11D4-8673-60DB54C10000} [HKLM] -> C:\Program Files\Yahoo!\Common\YMMAPI.dll [HKLM: Yahoo! MailTo; IsInstalled: 1] -> [2007/06/28 14:41:00 | 000,285,464 | ---- | M] (Yahoo! Inc.)
{AA218328-0EA8-4D70-8972-E987A9190FF4} [HKLM] -> C:\Program Files\Yahoo!\Common\YMMAPI.dll [HKLM: Yahoo! Mail Attachment Control; IsInstalled: 1] -> [2007/06/28 14:41:00 | 000,285,464 | ---- | M] (Yahoo! Inc.)
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{B6C275FE-D23F-4F40-9851-290CA110D58E} [HKLM] -> Reg Error: Key error. [(default): Browser Customizations; IsInstalled: 1] -> File not found
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Task Scheduler; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(default): Adobe Flash Player; IsInstalled: 01 00 00 00  [binary data]] -> [2010/01/26 17:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ComponentID: Yahoo! Messenger; IsInstalled: 1] -> [2008/10/16 22:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): IE7 Uninstall Stub; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> 
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{4b218e3e-bc98-4770-93d3-2731b9329278} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
AcroRd32.exe -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] -> [2006/05/16 20:15:09 | 000,071,288 | ---- | M] (Adobe Systems Incorporated)
Adobe Premiere Pro.exe -> C:\Program Files\Adobe\Adobe Premiere Pro CS4\Adobe Premiere Pro.exe ["C:\Program Files\Adobe\Adobe Premiere Pro CS4\Adobe Premiere Pro.exe"] -> [2008/09/09 17:08:38 | 001,018,232 | ---- | M] (Adobe Systems, Incorporated)
Adobe Premiere.exe -> C:\Program Files\Adobe\Premiere Pro 1.5\Adobe Premiere Pro.exe [C:\Program Files\Adobe\Premiere Pro 1.5\Adobe Premiere Pro.exe] -> [2004/05/07 16:04:38 | 000,458,752 | ---- | M] ()
AfterFX.exe -> C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe [C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe] -> [2008/09/03 02:17:26 | 001,012,088 | ---- | M] (Adobe Systems Incorporated)
AVGSE.DLL -> C:\Program Files\AVG\AVG9\avgse.dll [C:\PROGRA~1\AVG\AVG9\avgse.dll] -> [2010/07/15 08:36:09 | 000,125,280 | ---- | M] (AVG Technologies CZ, s.r.o.)
bckgzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe [C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe] -> [2004/08/04 05:00:00 | 000,042,577 | ---- | M] (Microsoft Corporation)
bridge.exe -> C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe [C:\Program Files\Adobe\Adobe Bridge CS4\bridge.exe] -> [2008/08/28 19:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.)
cammenumaker.exe -> C:\Program Files\TechSmith\Camtasia Studio 3\CamMenuMaker.exe [C:\Program Files\TechSmith\Camtasia Studio 3\CamMenuMaker.exe] -> [2006/06/15 03:12:00 | 001,236,992 | ---- | M] (TechSmith Corporation)
camplay.exe -> C:\Program Files\TechSmith\Camtasia Studio 3\CamPlay.exe [C:\Program Files\TechSmith\Camtasia Studio 3\CamPlay.exe] -> [2006/06/15 03:12:00 | 000,479,232 | ---- | M] (TechSmith Corporation)
camrecorder.exe -> C:\Program Files\TechSmith\Camtasia Studio 3\CamRecorder.exe [C:\Program Files\TechSmith\Camtasia Studio 3\CamRecorder.exe] -> [2006/06/15 03:12:00 | 002,224,128 | ---- | M] (TechSmith Corporation)
camtasiastudio.exe -> C:\Program Files\TechSmith\Camtasia Studio 3\CamtasiaStudio.exe [C:\Program Files\TechSmith\Camtasia Studio 3\CamtasiaStudio.exe] -> [2006/06/15 03:12:00 | 006,025,216 | ---- | M] (TechSmith Corporation)
camtheater.exe -> C:\Program Files\TechSmith\Camtasia Studio 3\CamTheater.exe [C:\Program Files\TechSmith\Camtasia Studio 3\CamTheater.exe] -> [2006/06/15 03:12:00 | 000,602,112 | ---- | M] (TechSmith Corporation)
chkrzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe [C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe] -> [2004/08/04 05:00:00 | 000,042,575 | ---- | M] (Microsoft Corporation)
chrome.exe -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] -> [2010/09/02 17:58:56 | 000,975,928 | ---- | M] (Google Inc.)
combofix.exe -> C:\Documents and Settings\Administrator\Desktop\KomboFix.exe [C:\Documents and Settings\Administrator\Desktop\KomboFix.exe] -> [2010/09/07 08:46:50 | 003,839,284 | R--- | M] ()
CONF.EXE -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe] -> [2008/04/13 17:12:15 | 001,032,192 | ---- | M] (Microsoft Corporation)
dellvideochat.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
dialer.exe -> C:\Program Files\Windows NT\dialer.exe [C:\Program Files\Windows NT\dialer.exe] -> [2008/04/13 17:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation)
EncoreDVD.exe -> C:\Program Files\Adobe\Encore DVD 1.5\EncoreDVD.exe [C:\Program Files\Adobe\Encore DVD 1.5\EncoreDVD.exe] -> [2004/11/18 12:34:08 | 005,033,984 | ---- | M] (Adobe Systems, Inc.)
Extension Manager.exe -> C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe [C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe] -> [2000/11/18 11:52:24 | 000,069,632 | ---- | M] (Macromedia Inc.)
findkey.exe ->  [findkey.exe] -> File not found
HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [%Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008/04/13 17:12:21 | 000,769,024 | ---- | M] (Microsoft Corporation)
HijackThis.exe -> C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe [C:\Program Files\Trend Micro\HiJackThis\hijackthis.exe] -> [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.)
hrtzzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2004/08/04 05:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
hypertrm.exe -> C:\Program Files\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> [2004/08/04 05:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.)
ICWCONN1.EXE -> C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008/04/13 17:12:22 | 000,214,528 | ---- | M] (Microsoft Corporation)
ICWCONN2.EXE -> C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008/04/13 17:12:22 | 000,086,016 | ---- | M] (Microsoft Corporation)
ieakwiz.exe -> C:\Program Files\IEAK\ieakwiz.exe [C:\Program Files\IEAK\IEAKWIZ.EXE] -> [2000/02/25 17:41:14 | 000,236,944 | ---- | M] (Microsoft Corporation)
ImageReady.exe -> C:\Program Files\Adobe\Photoshop CS\ImageReady.exe [C:\Program Files\Adobe\Photoshop CS\ImageReady.exe] -> [2003/10/14 23:10:50 | 019,648,512 | ---- | M] (Adobe Systems Incorporated)
INETWIZ.EXE -> C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008/04/13 17:12:22 | 000,020,480 | ---- | M] (Microsoft Corporation)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ISIGNUP.EXE -> C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2004/08/04 05:00:00 | 000,016,384 | ---- | M] (Microsoft Corporation)
iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> [2008/07/30 10:47:50 | 020,252,968 | ---- | M] (Apple Inc.)
javaws.exe -> C:\Program Files\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe] -> [2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
LaunchPad.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
lmgrd.exe ->  [lmgrd.exe] -> File not found
lws.exe -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe] -> [2009/05/08 10:35:50 | 002,780,432 | ---- | M] ()
mbam.exe -> C:\Program Files\Malwarebytes' Anti-Malware\test.exe [C:\PROGRA~1\MALWAR~1\test.exe] -> [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation)
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008/04/13 17:12:25 | 000,245,248 | ---- | M] (Microsoft Corporation)
modelfilehandler.exe -> C:\Program Files\Common Files\LogiShrd\LQCVFX\ModelFileHandler.exe [C:\Program Files\Common Files\Logishrd\LQCVFX\ModelFileHandler.exe] -> [2009/05/08 10:36:48 | 000,527,120 | ---- | M] ()
moviemk.exe -> C:\Program Files\Movie Maker\moviemk.exe [C:\Program Files\Movie Maker\moviemk.exe] -> [2010/06/18 06:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation)
mplayer2.exe -> C:\Program Files\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [2008/04/13 17:12:27 | 000,004,639 | ---- | M] (Microsoft Corporation)
MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2008/04/13 17:12:27 | 000,169,984 | ---- | M] (Microsoft Corporation)
msimn.exe -> C:\Program Files\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008/04/13 17:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation)
msinfo32.exe -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe [C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2004/08/04 05:00:00 | 000,039,936 | ---- | M] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
msoxmled.exe -> C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE] -> [2007/03/22 20:13:38 | 000,058,720 | ---- | M] (Microsoft Corporation)
mspview.exe -> C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE] -> [2007/04/09 14:24:00 | 000,367,496 | ---- | M] (Microsoft Corporation)
ois.exe -> C:\Program Files\Microsoft Office\OFFICE11\OIS.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE] -> [2007/03/22 20:06:22 | 000,287,576 | ---- | M] (Microsoft Corporation)
OUTLOOK.EXE -> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE] -> [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation)
particleIllusion.exe -> C:\Program Files\particleIllusion_3\particleIllusion.exe [C:\Program Files\particleIllusion_3\particleIllusion.exe] -> [2004/01/29 10:29:12 | 002,068,480 | ---- | M] (wondertouch, LLC)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009/12/16 11:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation)
Photoshop.exe -> C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe [C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe] -> [2008/09/19 11:14:08 | 050,840,880 | ---- | M] (Adobe Systems, Incorporated)
PictureViewer.exe -> C:\Program Files\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> [2010/03/17 21:53:32 | 000,557,056 | ---- | M] (Apple Inc.)
pinball.exe -> C:\Program Files\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball\pinball.exe] -> [2008/04/13 17:12:31 | 000,281,088 | ---- | M] (Cinematronics)
powerpnt.exe -> C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE] -> [2010/04/17 00:14:14 | 006,418,776 | ---- | M] (Microsoft Corporation)
PPMusicTransfer.exe -> C:\Program Files\Sony\Sony Picture Utility\Music Transfer\PPMusicTransfer.exe [C:\Program Files\Sony\Sony Picture Utility\Music Transfer\PPMusicTransfer.exe] -> [2008/11/13 11:33:02 | 000,335,360 | ---- | M] (Sony Corporation)
pspVideo9.exe -> C:\Program Files\pspvideo9\pspVideo9.exe [C:\Program Files\pspvideo9\pspVideo9.exe] -> [2005/10/29 17:56:04 | 000,606,208 | ---- | M] ( )
QuickTimePlayer.exe -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> [2010/03/17 23:28:24 | 001,230,128 | ---- | M] (Apple Inc.)
rvsezm.exe -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe] -> [2004/08/04 05:00:00 | 000,042,574 | ---- | M] (Microsoft Corporation)
SanDisk TransferMate.exe -> C:\Program Files\SanDisk\SanDisk TransferMate\SanDisk TransferMate.exe [C:\Program Files\SanDisk\SanDisk TransferMate\SanDisk TransferMate.exe] -> [2005/12/23 11:33:38 | 000,344,064 | ---- | M] (SanDisk)
sgiawd.exe ->  [sgiawd.exe] -> File not found
shvlzm.exe -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe [C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe] -> [2004/08/04 05:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
sightspeed.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
soundman.exe -> C:\WINDOWS\soundman.exe [C:\WINDOWS\soundman.exe] -> [2006/11/17 03:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.)
SPUG4Accessor.exe -> C:\Program Files\Sony\Sony Picture Utility\Accessor\G4\SPUG4Accessor.exe [C:\Program Files\Sony\Sony Picture Utility\Accessor\G4\SPUG4Accessor.exe] -> [2008/12/04 10:51:06 | 003,742,720 | ---- | M] (Sony Corporation)
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
thunderbird.exe -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe [C:\Program Files\Mozilla Thunderbird\thunderbird.exe] -> [2010/04/04 20:15:46 | 008,319,560 | ---- | M] (Mozilla Corporation)
TyanSM.exe -> C:\Program Files\Tyan Computer Corp\Tyan System Monitor Console\TyanSM.exe [C:\Program Files\Tyan Computer Corp\Tyan System Monitor Console\TyanSM.exe] -> [2004/10/12 13:46:40 | 002,301,952 | ---- | M] (Tyan Computer Corp)
UltraDev.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
vid.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
vpngui.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
wab.exe -> C:\Program Files\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008/04/13 17:12:38 | 000,046,080 | ---- | M] (Microsoft Corporation)
wabmig.exe -> C:\Program Files\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008/04/13 17:12:39 | 000,030,208 | ---- | M] (Microsoft Corporation)
webcamsnapshot.exe -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe] -> [2009/05/08 10:35:50 | 002,780,432 | ---- | M] ()
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
WinRAR.exe -> C:\Program Files\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2010/03/15 11:26:37 | 001,039,360 | ---- | M] ()
Winword.exe -> C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE] -> [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation)
winzip.exe -> C:\Program Files\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2004/12/17 07:00:00 | 002,822,144 | ---- | M] (WinZip Computing, Inc.)
winzip32.exe -> C:\Program Files\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2004/12/17 07:00:00 | 002,822,144 | ---- | M] (WinZip Computing, Inc.)
wmenc.exe -> C:\Program Files\Windows Media Components\Encoder\WMEnc.exe [C:\Program Files\Windows Media Components\Encoder\WMEnc.exe] -> [2001/05/09 15:04:52 | 000,364,544 | ---- | M] (Microsoft Corporation)
wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe] -> [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation)
WORDPAD.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2008/04/21 05:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2008/04/21 05:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation)
XPSViewer.exe -> C:\WINDOWS\System32\XPSViewer\XPSViewer.exe ["c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2008/07/29 21:26:06 | 000,301,568 | ---- | M] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{00020D75-0000-0000-C000-000000000046}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2007/03/22 20:06:46 | 000,033,120 | ---- | M] (Microsoft Corporation)
"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2007/03/22 20:08:34 | 000,236,384 | ---- | M] (Microsoft Corporation)
"{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [SmartFTP MultiUpload Shell Namespace Extension] -> [2008/11/23 18:34:28 | 003,891,512 | ---- | M] (SmartSoft Ltd.)
"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" [HKLM] -> C:\WINDOWS\system32\B4FM.dll [ShellPlusContextMenu] -> [2009/08/21 12:15:28 | 000,557,568 | ---- | M] (Ikysasoft s.r.l. uninominale)
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> [2005/11/04 09:38:00 | 000,466,944 | ---- | M] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" [HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> [2005/11/04 09:38:00 | 000,466,944 | ---- | M] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" [HKLM] -> C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] -> [2005/11/04 09:38:00 | 000,466,944 | ---- | M] ()
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Program Files\Common Files\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2008/04/13 17:12:02 | 000,487,424 | ---- | M] (Microsoft Corporation)
"{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [SmartFTP Drop Handler] -> [2008/11/23 18:34:28 | 003,891,512 | ---- | M] (SmartSoft Ltd.)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Program Files\Outlook Express\wabfind.dll [For &People...] -> [2008/04/13 17:12:08 | 000,032,768 | ---- | M] (Microsoft Corporation)
"{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll [SmartFTP Favorites Namespace] -> [2008/11/23 18:34:08 | 000,531,784 | ---- | M] (SmartSoft Ltd.)
"{3B164627-7060-47BB-A1BE-DF5540B02821}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [SmartFTP MultiUpload Shell Namespace Extension] -> [2008/11/23 18:34:28 | 003,891,512 | ---- | M] (SmartSoft Ltd.)
"{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" [HKLM] -> C:\Program Files\SmartFTP Client\sfShellTools.dll [SmartFTP ShellDropHandler] -> [2008/11/23 18:34:12 | 000,379,192 | ---- | M] (SmartSoft Ltd)
"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> [2003/07/14 20:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] ->  [Display Panning CPL Extension] -> File not found
"{52c68510-09a0-11cf-8daa-00aa004a5691}" [HKLM] -> C:\WINDOWS\System32\nwprovau.dll [Shell extensions for NetWare] -> [2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation)
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" [HKLM] -> C:\Program Files\Yahoo!\Common\YMMAPI.dll [Yahoo! Mail] -> [2007/06/28 14:41:00 | 000,285,464 | ---- | M] (Yahoo! Inc.)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shell extensions for file compression] -> File not found
"{82AA9188-44E0-40B9-B956-43A10C315B4F}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [SmartFTP Shell Namespace Extension] -> [2008/11/23 18:34:28 | 003,891,512 | ---- | M] (SmartSoft Ltd.)
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Encryption Context Menu] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> [2004/08/04 05:00:00 | 000,044,544 | ---- | M] (Hilgraeve, Inc.)
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" [HKLM] -> C:\WINDOWS\System32\nwprovau.dll [Shell extensions for NetWare] -> [2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation)
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" [HKLM] -> C:\Program Files\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> [2005/08/08 23:06:00 | 000,166,912 | ---- | M] (e-merge GmbH)
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" [HKLM] -> C:\Program Files\WinAce\arcext.dll [WinAce Archiver 2.6 Property Sheet Shell Extension] -> [2005/08/08 23:06:00 | 000,166,912 | ---- | M] (e-merge GmbH)
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" [HKLM] -> C:\Program Files\WinAce\arcext.dll [WinAce Archiver 2.6 DragDrop Shell Extension] -> [2005/08/08 23:06:00 | 000,166,912 | ---- | M] (e-merge GmbH)
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" [HKLM] -> C:\Program Files\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> [2005/08/08 23:06:00 | 000,166,912 | ---- | M] (e-merge GmbH)
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" [HKLM] -> C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEd Live Icons] -> [2009/05/08 16:30:16 | 002,241,832 | ---- | M] (Nero AG)
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2008/11/21 00:02:30 | 000,988,040 | ---- | M] (Microsoft Corporation)
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> C:\Program Files\AVG\AVG9\avgse.dll [AVG Shell Extension] -> [2010/07/15 08:36:09 | 000,125,280 | ---- | M] (AVG Technologies CZ, s.r.o.)
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> Reg Error: Key error. [AVG Find Extension] -> File not found
"{A70C977A-BF00-412C-90B7-034C51DA2439}" [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] -> [2005/11/04 09:38:00 | 007,204,864 | ---- | M] (NVIDIA Corporation)
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [2010/03/15 11:28:22 | 000,141,824 | ---- | M] ()
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" [HKLM] -> Reg Error: Key error. [SmartFTP Shell Extension DLL] -> File not found
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> [2008/07/30 10:47:56 | 000,132,392 | ---- | M] (Apple Inc.)
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [2005/09/20 13:33:08 | 001,293,008 | ---- | M] (Microsoft Corporation)
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2008/11/21 00:02:30 | 000,988,040 | ---- | M] (Microsoft Corporation)
"{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> [2004/12/17 07:00:00 | 000,005,120 | ---- | M] (WinZip Computing, Inc.)
"{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> [2004/12/17 07:00:00 | 000,005,120 | ---- | M] (WinZip Computing, Inc.)
"{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> [2004/12/17 07:00:00 | 000,005,120 | ---- | M] (WinZip Computing, Inc.)
"{E0D79307-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> [2004/12/17 07:00:00 | 000,005,120 | ---- | M] (WinZip Computing, Inc.)
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" [HKLM] -> C:\WINDOWS\System32\nwprovau.dll [Shell extensions for NetWare] -> [2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation)
"{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" [HKLM] -> C:\Program Files\SmartFTP Client\sfShellTools.dll [SmartFTP Drop ShellIconOverlayHandler] -> [2008/11/23 18:34:12 | 000,379,192 | ---- | M] (SmartSoft Ltd)
"{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00}" [HKLM] -> C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [SmartFTP Search Shell Namespace Extension] -> [2008/11/23 18:34:28 | 003,891,512 | ---- | M] (SmartSoft Ltd.)
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> Reg Error: Key error. [Shell Extensions for RealOne Player] -> File not found
"{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" [HKLM] -> C:\Program Files\SmartFTP Client\sfShellTools.dll [SmartFTP ContextMenu] -> [2008/11/23 18:34:12 | 000,379,192 | ---- | M] (SmartSoft Ltd)
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> [2005/11/04 09:38:00 | 007,204,864 | ---- | M] (NVIDIA Corporation)
< Approved Shell Extensions [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ -> 
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [2005/09/20 13:33:08 | 001,293,008 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 13:06:48 | 000,113,664 | ---- | M] (Adobe Systems, Inc.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk -> C:\PROGRA~1\Alias\ALIASS~1.0\ALIASS~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE -> [2004/12/17 07:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
CarboniteSetupLite hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Carbonite\CarbonitePreinstaller.exe -> [2009/08/04 01:49:00 | 000,318,096 | ---- | M] (Carbonite, Inc.)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\HPWuSchd.exe -> [2003/08/04 15:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/07/30 10:47:56 | 000,289,064 | ---- | M] (Apple Inc.)
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
NvMediaCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe -> [2005/06/03 00:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.)
Symantec NetDriver Monitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\SymNetDrv\SNDMon.exe -> [2005/05/26 10:59:06 | 000,100,056 | ---- | M] (Symantec Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"aux2" ->  [wdmaud.sys] -> File not found
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 07:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M] (Microsoft Corporation)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"msacm.voxacm160" -> C:\WINDOWS\System32\vct3216.acm [vct3216.acm] -> [2001/03/02 17:46:18 | 000,082,944 | ---- | M] (Voxware, Inc.)
"MSVideo" -> C:\WINDOWS\System32\vfwwdm32.dll [vfwwdm32.dll] -> [2008/04/13 16:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 16:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"SENTINEL" -> C:\WINDOWS\System32\SNTI386.DLL [snti386.dll] -> [2001/06/21 19:39:02 | 000,049,664 | ---- | M] (Rainbow Technologies, Inc.)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 07:03:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2007/10/19 17:54:10 | 000,739,840 | ---- | M] (DivX, Inc.)
"VIDC.HFYU" -> C:\WINDOWS\System32\HUFFYUV.DLL [huffyuv.dll] -> [2001/12/08 18:20:20 | 000,038,912 | ---- | M] (Disappearing Inc.)
"VIDC.I420" -> C:\WINDOWS\System32\lvcodec2.dll [lvcodec2.dll] -> [2009/04/30 15:57:10 | 000,416,280 | R--- | M] (Logitech Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
"VIDC.MFZ0" -> C:\WINDOWS\System32\MyFlashZip0.ax [MyFlashZip0.ax] -> [2007/10/09 12:04:12 | 000,053,248 | ---- | M] (Moyea Inc.)
"VIDC.VIFP" -> C:\WINDOWS\System32\VFCodec.dll [VFCodec.dll] -> [2000/07/22 14:49:46 | 000,431,104 | ---- | M] ()
"vidc.XVID" -> C:\WINDOWS\System32\xvidvfw.dll [xvidvfw.dll] -> [2008/12/04 21:46:08 | 000,180,224 | ---- | M] ()
"vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2007/10/19 17:54:10 | 000,739,840 | ---- | M] (DivX, Inc.)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> 
{0291E591-EA41-4c82-8106-3DC6CE7F7664} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [Installation Support] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M] (Apple Inc.)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [Shockwave ActiveX Control] -> [2006/02/08 09:52:02 | 000,054,976 | ---- | M] (Macromedia, Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [Shockwave ActiveX Control] -> [2006/02/08 09:52:02 | 000,054,976 | ---- | M] (Macromedia, Inc.)
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [Installation Support] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} [HKLM] -> C:\Program Files\Yahoo!\Common\YInstHelper.dll [Installation Support] -> [2007/11/28 14:55:58 | 000,211,744 | ---- | M] (Yahoo! Inc.)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M] (Apple Inc.)
{444785F1-DE89-4295-863A-D46C3A781394} [HKLM] -> C:\Program Files\Unity\WebPlayer\loader\UnityWebPluginAX.ocx [UnityWebPlayer Control] -> [2008/11/11 11:59:10 | 000,503,808 | ---- | M] (Unity Technologies ApS)
{4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/07/17 05:00:08 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_21.dll [Java Plug-in 1.6.0_21] -> [2010/07/17 05:00:06 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{A17E30C4-A9BA-11D4-8673-60DB54C10000} [HKLM] -> C:\Program Files\Yahoo!\Common\YMMAPI.dll [Yahoo! MailTo] -> [2007/06/28 14:41:00 | 000,285,464 | ---- | M] (Yahoo! Inc.)
{B345F37E-6763-433b-BC53-9B526A9B7B8B} [HKLM] -> C:\Program Files\Yahoo!\Common\YVerInfo.dll [Yahoo! VersionInfo2] -> [2007/08/30 17:17:46 | 000,079,128 | ---- | M] (Yahoo! Inc.)
{c2828995-4a83-4100-a212-3024ba117356} [HKLM] -> C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)
{C93A7319-17B3-4504-87CD-03EFC6103E6E} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Factory] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 19:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_21.dll [Java Plug-in 1.6.0_21] -> [2010/07/17 05:00:06 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_21.dll [Java Plug-in 1.6.0_21] -> [2010/07/17 05:00:06 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_21.dll [Java Plug-in 1.6.0_21] -> [2010/07/17 05:00:06 | 000,141,088 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M] (Apple Inc.)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [Shockwave Flash Object] -> [2010/01/26 17:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)
{D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [HKLM] -> C:\Program Files\Yahoo!\Common\YVerInfo.dll [Yahoo! VersionInfo] -> [2007/08/30 17:17:46 | 000,079,128 | ---- | M] (Yahoo! Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2008/07/30 10:47:48 | 000,116,008 | ---- | M] (Apple Computer, Inc.)
{D742F4EC-5D39-4294-8A17-11969A294512} [HKLM] -> C:\Program Files\Google\Google Updater\2.4.1536.6592\ci.dll [Google Updater Class] -> [2009/03/24 08:52:56 | 001,204,208 | ---- | M] (Google)
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll [MessengerChecker Class] -> [2008/10/16 22:57:54 | 000,103,664 | ---- | M] (Yahoo! Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50611.0\npctrl.dll [Microsoft Silverlight] -> [2010/06/10 21:35:16 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
{F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Program Files\Google\Google Earth\plugin\ie\5.2.0.5932\plugin_ax.dll [GEPluginCoClass Object] -> [2010/05/05 23:36:43 | 005,102,064 | ---- | M] (Google)
{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/03/17 22:07:09 | 000,220,656 | ---- | M] (Google Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 18:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/07/23 08:03:28 | 001,619,296 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{a3bc75a2-1f87-4686-aa43-5347d756017c} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/24 08:53:00 | 000,668,656 | ---- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D187A56B-A33F-4CBE-9D77-459FC0BAE012} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Helper] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M] (Apple Inc.)
{052DF14F-6F28-44A0-9130-294FDA6176EB} [HKLM] -> C:\WINDOWS\DOWNLO~1\ActiveGS.ocx [ActiveGS Control] -> [2004/03/08 22:44:42 | 000,860,160 | ---- | M] ()
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 18:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [Shockwave ActiveX Control] -> [2006/02/08 09:52:02 | 000,054,976 | ---- | M] (Macromedia, Inc.)
{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} [HKLM] -> C:\Program Files\Sony Online Entertainment\npsoe.dll [SonyOnlineInstallerX] -> [2009/10/19 20:15:30 | 000,127,800 | ---- | M] ()
{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/07/23 08:03:28 | 001,619,296 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M] (Apple Inc.)
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 000,222,448 | ---- | M] (Yahoo! Inc.)
{5c255c8a-e604-49b4-9d64-90988571cecb} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [DivXBrowserPlugin Object] -> [2007/11/20 12:37:22 | 001,334,576 | ---- | M] (DivX,Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{a3bc75a2-1f87-4686-aa43-5347d756017c} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/24 08:53:00 | 000,668,656 | ---- | M] (Google Inc.)
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C93A7319-17B3-4504-87CD-03EFC6103E6E} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Factory] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 19:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{D187A56B-A33F-4CBE-9D77-459FC0BAE012} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [Shockwave Flash Object] -> [2010/01/26 17:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2010/03/17 23:28:24 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50611.0\npctrl.dll [Microsoft Silverlight] -> [2010/06/10 21:35:16 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Helper] -> [2010/02/23 06:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E9DA06F1-632C-462F-98B3-AF74B47DA727} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Classes\<extension>\ -> 
.html [@ = ChromeHTML] -> Reg Error: Key error. -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ -> C:\WINDOWS\System32\hidserv.dll -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKLM] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> C:\Program Files\AVG\AVG9\avgpp.dll[XPLPPFilter Class] -> [2010/07/15 08:36:11 | 000,091,488 | ---- | M] (AVG Technologies CZ, s.r.o.)
msdaipp: [HKLM] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/10/09 14:11:14 | 001,959,208 | R--- | M] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> Reg Error: Value error.
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
Lavasoft Ad-Aware Service -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/09/03 21:19:55 | 001,355,928 | ---- | M] (Lavasoft)
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
PSEXESVC -> Reg Error: Value error.
SBAMSvc -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -> [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software)
SBPIMSvc -> C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -> [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software)
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> Reg Error: Value error.
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
Lavasoft Ad-Aware Service -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/09/03 21:19:55 | 001,355,928 | ---- | M] (Lavasoft)
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
nm ->  -> File not found
nm.sys ->  -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
PSEXESVC -> Reg Error: Value error.
SBAMSvc -> C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -> [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software)
SBPIMSvc -> C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -> [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 
*BootExecute* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute -> 
autocheck autochk * ->  -> File not found
lsdelete -> C:\WINDOWS\System32\lsdelete.exe -> [2010/08/12 05:15:20 | 000,015,880 | ---- | M] ()
*MultiFile Done* -> -> 
"ExcludeFromKnownDlls" ->  [binary data] -> 
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> 
\Windows -> \Windows -> [2010/09/09 00:01:11 | 000,000,000 | ---D | M]
\RPC Control ->  -> File not found
*MultiFile Done* -> -> 
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> 
\??\C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll [\??\C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll]  -> C:\WINDOWS\temp\logishrd\LVPrcInj01.dll [C:\WINDOWS\temp\logishrd\LVPrcInj01.dll] -> [2009/04/30 16:01:00 | 000,109,080 | ---- | M] (Logitech Inc.)
*MultiFile Done* -> -> 
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 17:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> C:\WINDOWS\temp -> [2010/09/10 13:11:38 | 000,000,000 | ---D | M]
"TMP" -> C:\WINDOWS\temp -> [2010/09/10 13:11:38 | 000,000,000 | ---D | M]
"windir" -> C:\WINDOWS -> [2010/09/09 00:01:11 | 000,000,000 | ---D | M]
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%SystemRoot%\system32 -> C:\WINDOWS\system32 -> [2010/09/10 13:11:37 | 000,000,000 | ---D | M]
%SystemRoot% -> C:\WINDOWS -> [2010/09/09 00:01:11 | 000,000,000 | ---D | M]
%SystemRoot%\system32\wbem -> C:\WINDOWS\system32\wbem -> [2010/09/01 15:49:21 | 000,000,000 | ---D | M]
C:\Program Files\Autodesk\Maya2009\bin -> C:\Program Files\Autodesk\Maya2009\bin -> [2010/04/23 20:28:24 | 000,000,000 | ---D | M]
C:\Program Files\Autodesk\Maya2008\bin -> C:\Program Files\Autodesk\Maya2008\bin -> [2009/12/22 22:03:02 | 000,000,000 | ---D | M]
C:\Program Files\Alias\Maya7.0\bin -> C:\Program Files\Alias\Maya7.0\bin -> [2010/05/01 21:31:23 | 000,000,000 | ---D | M]
C:\Program Files\Alias\Maya6.5\bin -> C:\Program Files\Alias\Maya6.5\bin -> [2008/05/18 16:35:00 | 000,000,000 | ---D | M]
C:\Program Files\Intel\DMIX -> C:\Program Files\Intel\DMIX -> [2005/01/20 13:30:47 | 000,000,000 | ---D | M]
C:\Program Files\QuickTime\QTSystem -> C:\Program Files\QuickTime\QTSystem -> [2010/04/23 19:24:40 | 000,000,000 | ---D | M]
C:\Program Files\TomTom Media Center\mplayer\codecs -> C:\Program Files\TomTom Media Center\mplayer\codecs -> [2009/06/20 22:11:50 | 000,000,000 | ---D | M]
*MultiFile Done* -> -> 
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 
.COM ->  -> File not found
.EXE ->  -> File not found
.BAT ->  -> File not found
.CMD ->  -> File not found
.VBS ->  -> File not found
.VBE ->  -> File not found
.JS ->  -> File not found
.JSE ->  -> File not found
.WSF ->  -> File not found
.WSH ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> 
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> 
"advapi32" -> C:\WINDOWS\System32\advapi32.dll -> [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\System32\comdlg32.dll -> [2008/04/13 17:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2010/09/10 13:11:37 | 000,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\System32\gdi32.dll -> [2008/10/23 05:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\System32\imagehlp.dll -> [2008/04/13 17:11:54 | 000,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\System32\kernel32.dll -> [2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\System32\lz32.dll -> [2004/08/04 05:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\System32\ole32.dll -> [2008/04/13 17:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\System32\oleaut32.dll -> [2008/04/13 17:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\System32\olecli32.dll -> [2008/04/13 17:12:02 | 000,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\System32\olecnv32.dll -> [2008/04/13 17:12:02 | 000,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\System32\olesvr32.dll -> [2004/08/04 05:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\System32\olethk32.dll -> [2004/08/04 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\System32\rpcrt4.dll -> [2009/04/15 07:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\System32\shell32.dll -> [2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\System32\url.dll -> [2008/08/22 04:07:58 | 000,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\System32\urlmon.dll -> [2008/08/22 04:08:22 | 001,206,784 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\System32\user32.dll -> [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\System32\version.dll -> [2008/04/13 17:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\System32\wininet.dll -> [2008/08/22 04:08:06 | 000,878,592 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\System32\wldap32.dll -> [2008/04/13 17:12:09 | 000,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> 
"CommonFilesDir" -> C:\Program Files\Common Files -> [2010/09/07 09:14:30 | 000,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2010/09/09 17:47:37 | 000,000,000 | R--D | M]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 15:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 17:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -> C:\WINDOWS\system32\nwprovau.dll -> [2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} -> Adobe Color NA Recommended Settings CS4
{05308C4E-7285-4066-BAE3-6B50DA6ED755} -> Adobe Update Manager CS4
{054EFA56-2AC1-48F4-A883-0AB89874B972} -> Adobe Extension Manager CS4
{055C2180-3B03-11D4-A707-00600805AABA} -> SentinelLM 7.2.0 Server
{098727E1-775A-4450-B573-3F441F1CA243} -> kuler
{0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan
{0D6013AB-A0C7-41DC-973C-E93129C9A29F} -> Adobe Color JA Extra Settings CS4
{0F723FC1-7606-4867-866C-CE80AD292DAF} -> Adobe CSI CS4
{11C762F9-95EA-486A-A8E7-683A50C231C1} -> SmartFTP
{121634b0-2f4b-11d3-ada3-00c04f52dd52} -> Windows Installer Clean Up
{130fa2d4-e5b3-4ba8-9c4a-70b615655319} -> Jing
{13ca4073-a66b-4f07-9491-b933018e63d2}_is1 ->  Moyea SWF to Video Converter Pro version  2.4.1.0
{14291118-0C19-45EA-A4FA-5C1C0F5FDE09} -> Primo
{14C03D20-0507-419A-9E2A-3C17CDB10527} -> Tyan System Monitor Server Agent
{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E} -> Cisco Systems VPN Client 5.0.01.0600
{1618734A-3957-4ADD-8199-F973763109A8} -> Adobe Anchor Service CS4
{16E16F01-2E2D-4248-A42F-76261C147B6C} -> Adobe Drive CS4
{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} -> AdobeColorCommonSetRGB
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} -> Adobe AIR
{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} -> YouTube Downloader 2.5.1
{205c6bdd-7b73-42de-8505-9a093f35a238} -> Windows Live Upload Tool
{22b775e7-6c42-4fc5-8e10-9a5e3257bd94} -> MSVCRT
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 21
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A} -> Maya 2009
{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD} -> Google Gears
{3248F0A8-6813-11D6-A77B-00B0D0150040} -> J2SE Runtime Environment 5.0 Update 4
{34957B51-9676-41CE-9E52-44AE91B73F1C} -> HP Software Update
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23} -> Autodesk DirectConnect 2009
{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} -> PDF Settings CS4
{366D8827-238B-419F-B1CB-9E2783EC71B3} -> Maya 7.0 Bonus Tools
{36BD0774-6CD6-4FF9-A148-83CA09AC123E} -> Intel(R) PROSafe for Wired Connections
{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player
{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} -> Adobe XMP Panels CS4
{3AC1CE12-756E-412A-B144-1F3707ECC56F} -> AMD SMBus 2.0 Controller
{3b4e636e-9d65-4d67-ba61-189800823f52} -> Windows Live Communications Platform
{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} -> Adobe Color - Photoshop Specific CS4
{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} -> Adobe WinSoft Linguistics Plugin
{3DE0053C-FD9A-483E-B7C9-B06E4392206E} -> iTunes
{403EF592-953B-4794-BCEF-ECAB835C2095} -> Intel(R) PROSafe for Wired Connections
{40BB3EDE-56CB-467E-ADEE-F6C57552F528} -> Maya Shader Library for Maya
{43509E18-076E-40FE-AF38-CA5ED400A5A9} -> Pixel Bender Toolkit
{43DCF766-6838-4F9A-8C91-D92DA586DFA7} -> Microsoft Windows Journal Viewer
{44E240EC-2224-4078-A88B-2CEE0D3016EF} -> Adobe After Effects CS4 Presets
{45338b07-a236-4270-9a77-ebb4115517b5} -> Windows Live Sign-in Assistant
{45A66726-69BC-466B-A7A4-12FCBA4883D7} -> HiJackThis
{45EC816C-0771-4C14-AE6D-72D1B578F4C8} -> Adobe After Effects CS4
{47DAC891-3058-4713-AC22-553A7BA1E1D8} -> Tyan System Monitor Console
{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} -> Adobe Service Manager Extension
{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} -> Apple Mobile Device Support
{49FB31C1-26EC-44c6-AB47-73C66E2BC41E} -> HP PSC & OfficeJet 5.3.B
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} -> Skype web features
{553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} -> Adobe Color EU Extra Settings CS4
{56c049be-79e9-4502-bea7-9754a3e60f9b} -> neroxml
{5AFDA63F-D659-4991-81B1-57B4311E5C82} -> Pen Tablet
{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88} -> SanDisk TransferMate
{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D} -> Adobe Dynamiclink Support
{61CEB2D7-8D3B-4247-B75E-A95F6699B90A} -> Adobe After Effects 6.5
{63C24A08-70F3-4C8E-B9FB-9F21A903801D} -> Adobe Color Video Profiles CS CS4
{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} -> Adobe Photoshop CS4 Support
{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E} -> Adobe After Effects CS4 Third Party Content
{67F0E67A-8E93-4C2C-B29D-47C48262738A} -> Adobe Device Central CS4
{68243FF8-83CA-466B-B2B8-9F99DA5479C4} -> AdobeColorCommonSetCMYK
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6} -> Adobe Encore DVD 1.5
{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD} -> Maya 2008 Documentation (en_US)
{6F23C1A3-9F62-470C-BD12-B83F04E67865} -> SmartFTP Client
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{7D1D6A24-65D4-454C-8815-4F08A5FFF12C} -> Macromedia Shockwave Player
{7F2AB5FA-6BD5-4C4F-8BB3-F700389EFD19} -> Alias MotionBuilder Personal Learning Edition 7
{81128ee8-8ead-4db0-85c6-17c2ce50ff71} -> Windows Live Essentials
{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} -> Adobe Type Support CS4
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{83877DB1-8B77-45BC-AB43-2BAC22E093E0} -> Adobe Bridge CS4
{842B4B72-9E8F-4962-B3C1-1C422A5C4434} -> Suite Shared Configuration CS4
{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF} -> Adobe Audition 1.5
{8795CBED-55E2-4693-9F14-84EC446935BE} -> SpeechRedist
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{8EB8E60B-315D-44EB-A896-10D88602EE46} -> Adobe Setup
{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} -> TomTom HOME Visual Studio Merge Modules
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003
{931AB7EA-3656-4BB7-864D-022B09E3DD67} -> Adobe Linguistics CS4
{94118D5F-2D5D-4BF5-9F84-11FB8A97B566} -> 2d3 SteadyMove for Adobe Premiere Pro
{94D398EB-D2FD-4FD1-B8C4-592635E8A191} -> Adobe CMaps CS4
{95120000-00b9-0409-0000-0000000ff1ce} -> Microsoft Application Error Reporting
{97C4F970-C753-443F-B61C-525C739BBC3D} -> Maya 2009 Documentation (en_US)
{9966A5DB-8BB0-4D89-A701-386ED84E79B8} -> Adobe Creative Suite 4 Master Collection
{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3} -> Maya 7.0
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7} -> Quake Live Mozilla Plugin
{A14F7508-B784-40B8-B11A-E0E2EEB7229F} -> Adobe Premiere Pro 1.5
{a1f66fc9-11ee-4f2f-98c9-16f8d1e69fb7} -> Segoe UI
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A5BA14E0-7384-11D4-BAE7-00409631A2C8} -> Macromedia Extension Manager
{a85fd55b-891b-4314-97a5-ea96c0bd80b5} -> Windows Live Messenger
{a8f2089b-1f79-4bf6-b385-a2c2b0b9a74d} -> ImagXpress
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0.8
{AC76BA86-7AD7-5760-0000-705000000001} -> Adobe Reader Japanese Fonts
{ac96671c-2001-432c-9826-5266d84ef1dc} -> Logitech Webcam Software
{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15} -> Adobe MotionPicture Color Files CS4
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
{B15381DD-FF97-4FCD-A881-ED4DB0975500} -> Adobe Color Video Profiles AE CS4
{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7} -> Adobe Premiere Pro CS4 Functional Content
{B2544A03-10D0-4E5E-BA69-0362FFC20D18} -> OGA Notifier 2.0.0048.0
{B29AD377-CC12-490A-A480-1452337C618D} -> Connect
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} -> Adobe Photoshop CS4
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{BB4E33EC-8181-4685-96F7-8554293DEC6A} -> Adobe Output Module
{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6} -> Adobe Setup
{BE9CEAAA-F069-4331-BF2F-8D350F6504F4} -> Adobe Media Encoder CS4 Additional Exporter
{BFF7D03E-3502-4D5A-95B3-01C45E0BF980} -> AMD EIDE Driver
{C033BF6E-9D82-4E0B-A46E-ABC746D6F431} -> Autodesk DirectConnect 2.0
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C506A18C-1469-4678-B094-F4EC9DAE6DB7} -> Scan
{C52E3EC1-048C-45E1-8D53-10B0C6509683} -> Adobe Default Language CS4
{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B} -> Acrobat.com
{CA0A1E54-CE0F-4366-B09C-A87B61DC5633} -> Symantec Network Drivers Update
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CC75AB5C-2110-4A7F-AF52-708680D22FE8} -> Photoshop Camera Raw
{CE2121C6-C94D-4A73-8EA4-6943F33EE335} -> Music Transfer
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{CE8BD372-993B-4573-A13F-74807C7835A2} -> Egg Timer
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{D499F8DE-3F31-4900-9157-61061613704B} -> Adobe Premiere Pro CS4
{D5068583-D569-468B-9755-5FBF5848F46F} -> Sony Picture Utility
{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B} -> Maya 2008
{DABF43D9-1104-4764-927B-5BED1274A3B0} -> Runtime
{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E} -> Adobe Media Encoder CS4
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E2BE1618-AF5F-4F7D-8484-42E080EDF609} -> AGEIA PhysX v7.01.12
{E693459B-8BDD-4534-95E5-CD8147268715} -> Alias SketchBook Pro 1.1.1
{ECB5F4EA-D7DD-4423-B1E5-CD14A30A3732} -> RealFlow
{EE353798-E875-42E0-B58D-7E6696182EA8} -> Adobe Media Encoder CS4 Dolby
{ef5f8554-0001-11d2-92f2-00104bc947f0} -> Microsoft Office 2000 Resource Kit Tools and Utilities
{EFB21DE7-8C19-4A88-BB28-A766E16493BC} -> Adobe Photoshop CS
{f0e12bba-ad66-4022-a453-a1c8a0c4d570} -> Microsoft Choice Guard
{F0E64E2E-3A60-40D8-A55D-92F6831875DA} -> Adobe Search for Help
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F48C6EA5-3B43-11D6-86A6-0050BA0259A2} -> Philips PC Camera
{F600CCF3-9C88-4A22-B0B4-DDA82E997118} -> Adobe After Effects CS4 Template Projects & Footage
{f6bd194c-4190-4d73-b1b1-c48c99921bfe} -> Windows Live Call
{F7B0939E-58DF-11DF-B3A6-005056806466} -> Google Earth
{F7DD9951-AB04-4163-86EF-1DAD5136133F} -> AMD System Management Driver
{F8EF2B3F-C345-4F20-8FE4-791A20333CD5} -> Adobe ExtendScript Toolkit CS4
{F93C84A6-0DC6-42AF-89FA-776F7C377353} -> Adobe PDF Library Files CS4
{F9D06C1D-EEB6-443A-B5BE-63CE1A5C1290} -> VIPRE Antivirus
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
{FB536133-C822-4168-B6A2-DBE4B7960DD5} -> AMD High Precision Event Timer
{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} -> Adobe Fonts All
{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
{FD7EE7A4-5096-4F97-8BEA-A34CE985B6FB} -> AMD AGP Driver
3DBOXX W5106 -> 3DBOXX W5106
ActiveTouchMeetingClient -> WebEx
Ad-Aware -> Ad-Aware
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe_5aab5a491a3a52ae624fd639f6aaa95 -> Adobe After Effects CS4 Third Party Content
Adobe_7e74552a59eaf9fafd13f90894ac9bd -> Adobe Creative Suite 4 Master Collection
Anzovin Rig Nodes for Maya 2008 -> Anzovin Rig Nodes for Maya 2008
Anzovin Rig Nodes for Maya 7 -> Anzovin Rig Nodes for Maya 7
ask & record toolbar4.01 -> Ask & Record Toolbar 4.01 
AVG9Uninstall -> AVG Free 9.0
Burn4Free -> Burn4Free CD and DVD
camtasia studio 3 -> Camtasia Studio 3
Carbonite Setup Lite -> Carbonite Online Backup Setup
com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
dBpoweramp m4a Codec -> dBpoweramp m4a Codec
D'Fusion @Home Web Plug-In -> Total Immersion D'Fusion @Home Web Plug-In
Egg Timer -> Egg Timer
FLVPlayer -> FLV Player 1.3.3
Free Audio CD Burner_is1 -> Free Audio CD Burner version 1.2
Free PS Convert driver_is1 -> Free PS Convert driver
free wma to mp3 converter_is1 -> Free WMA to MP3 Converter 1.16
Free YouTube to MP3 Converter_is1 -> Free YouTube to MP3 Converter version 3.2
GIF Animator -> Microsoft GIF Animator
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
HUFFYUV -> Huffyuv AVI lossless video codec (Remove Only)
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie8 -> Windows Internet Explorer 8 Beta 2
ieak5 -> Microsoft Internet Explorer Administration Kit 5
InstallShield_{5AFDA63F-D659-4991-81B1-57B4311E5C82} -> Pen Tablet
InstallShield_{7F2AB5FA-6BD5-4C4F-8BB3-F700389EFD19} -> Alias MotionBuilder Personal Learning Edition 7
iwisoft flash swf to video converter_is1 -> iWisoft Flash SWF to Video Converter 3.3
jv16 PowerTools 2008_is1 -> jv16 PowerTools 2008
lvdrivers_12.0 -> Logitech Webcam Software Driver Package
Macromedia Shockwave Player -> Macromedia Shockwave Player
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
mfz0codec -> MFZ0 codec (Remove Only)
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Mozilla Thunderbird (2.0.0.24) -> Mozilla Thunderbird (2.0.0.24)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Nima_v1.02_for_Maya7_ -> Feeling Software Nima Maya 7.0 plugin
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
PAP 4.0_is1 -> PAP 4.0
PAP project files_is1 -> PAP project files
particleIllusion 3.0 -> particleIllusion 3.0
PoxNora 1.4.7.0 -> PoxNora 1.4.7.0
PrimoPDF2.0 -> PrimoPDF
PROSetDX -> Intel(R) PRO Network Connections Software v9.2.4.9
punkbustersvc -> PunkBuster Services
Rainbow Sentinel Driver -> Sentinel System Driver
RealFlowMaya -> RealFlow Plugin for Maya
SmartFTP Client 2.0 Setup Files -> SmartFTP Client 2.0 Setup Files (remove only)
SmartFTP Client 3.0 Setup Files -> SmartFTP Client 3.0 Setup Files (remove only)
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.5.2.20
Spyware Doctor -> Spyware Doctor 7.0
SpywareBlaster_is1 -> SpywareBlaster 4.1
Switch -> Switch Sound File Converter
The Setup Machine -> The Setup Machine
Tomcat Cartoon Shader_is1 -> Tomcat Cartoon Shader 3.92
TomTom HOME -> TomTom HOME 2.6.4.1641
TomTom Media Center_is1 -> TomTom Media Center 4.3.0.4 DEMO
Uninstall_is1 -> Uninstall 1.0.0.1
UnityWebPlayer -> Unity Web Player
UT2004 -> Unreal Tournament 2004
WavePad -> WavePad Sound Editor
WIC -> Windows Imaging Component
Windows Media Encoder 7 -> Windows Media Encoder 7.1
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
winlivesuite_wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR archiver
WinZip -> WinZip
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Wuzzup_is1 -> Wuzzup
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
Yahoo! Extras -> Yahoo! Browser Services
Yahoo! Mail -> Yahoo! Internet Mail
Yahoo! Messenger -> Yahoo! Messenger
YInstHelper -> Yahoo! Install Manager
< Uninstall List [HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\] > -> HKEY_USERS\S-1-5-21-372829268-496393314-3364022493-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Free Realms Installer -> Free Realms Installer
Google Chrome -> Google Chrome
SOE-Clone Wars -> Clone Wars
soe-free realms -> Free Realms
SOE-Free Realms QA -> Free Realms QA
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 9/4/2010 12:22:38 AM Computer Name = GRUMPY | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 9/4/2010 3:20:51 AM Computer Name = GRUMPY | Source = Application Hang | ID = 1002 -> Description = Hanging application OTL.scr, version 3.2.11.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/4/2010 5:19:30 AM Computer Name = GRUMPY | Source = Application Hang | ID = 1002 -> Description = Hanging application Ad-Aware.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/4/2010 4:21:23 PM Computer Name = GRUMPY | Source = Application Hang | ID = 1002 -> Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/5/2010 11:09:46 PM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/5/2010 11:09:49 PM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/5/2010 11:12:05 PM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/5/2010 11:13:10 PM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/6/2010 3:09:34 AM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/6/2010 3:09:38 AM Computer Name = GRUMPY | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 80070002, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
System [ Error ] 9/9/2010 11:13:27 AM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7003 -> Description = The Sentinel service depends on the following nonexistent service: Parport
System [ Error ] 9/9/2010 11:13:27 AM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The DS1410D service failed to start due to the following error:   %%2
System [ Error ] 9/9/2010 11:13:27 AM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The nero backitup scheduler 4.0 service failed to start due to the following error:   %%2
System [ Error ] 9/9/2010 8:38:20 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7003 -> Description = The Sentinel service depends on the following nonexistent service: Parport
System [ Error ] 9/9/2010 8:38:20 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The DS1410D service failed to start due to the following error:   %%2
System [ Error ] 9/9/2010 8:38:20 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The nero backitup scheduler 4.0 service failed to start due to the following error:   %%2
System [ Error ] 9/10/2010 3:59:12 PM Computer Name = GRUMPY | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.109 for the Network Card with network address 00E0812F1AE1 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/10/2010 3:59:41 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7003 -> Description = The Sentinel service depends on the following nonexistent service: Parport
System [ Error ] 9/10/2010 3:59:41 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The DS1410D service failed to start due to the following error:   %%2
System [ Error ] 9/10/2010 3:59:41 PM Computer Name = GRUMPY | Source = Service Control Manager | ID = 7000 -> Description = The nero backitup scheduler 4.0 service failed to start due to the following error:   %%2
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/09/10 13:11:11 | 000,641,024 | ---- | C] (OldTimer Tools)
 BugBopper -> C:\Documents and Settings\All Users\Application Data\BugBopper -> [2010/09/09 17:47:51 | 000,000,000 | ---D | C]
 BugBopper -> C:\Program Files\BugBopper -> [2010/09/09 17:47:37 | 000,000,000 | ---D | C]
 sbtis.sys -> C:\WINDOWS\System32\drivers\sbtis.sys -> [2010/09/09 08:11:27 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.)
 sbapifs.sys -> C:\WINDOWS\System32\drivers\sbapifs.sys -> [2010/09/09 00:34:13 | 000,069,976 | ---- | C] (Sunbelt Software)
 sbaphd.sys -> C:\WINDOWS\System32\drivers\sbaphd.sys -> [2010/09/09 00:34:13 | 000,021,464 | ---- | C] (Sunbelt Software)
 Sunbelt -> C:\Documents and Settings\Administrator\Application Data\Sunbelt -> [2010/09/09 00:30:57 | 000,000,000 | ---D | C]
 Sunbelt -> C:\Documents and Settings\All Users\Application Data\Sunbelt -> [2010/09/09 00:30:56 | 000,000,000 | ---D | C]
 Sunbelt Software -> C:\Program Files\Sunbelt Software -> [2010/09/09 00:30:45 | 000,000,000 | ---D | C]
 counterspy-setup.exe -> C:\Documents and Settings\Administrator\Desktop\counterspy-setup.exe -> [2010/09/09 00:29:38 | 014,885,984 | ---- | C] (Sunbelt Software                                             )
 RECYCLER -> C:\RECYCLER -> [2010/09/08 02:39:33 | 000,000,000 | -HSD | C]
 TFC.exe -> C:\Documents and Settings\Administrator\Desktop\TFC.exe -> [2010/09/08 02:39:06 | 000,446,464 | ---- | C] (OldTimer Tools)
 TDS -> C:\TDS -> [2010/09/07 22:52:50 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2010/09/07 08:50:36 | 000,000,000 | RHSD | C]
 Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2010/09/06 20:28:02 | 000,000,000 | ---D | C]
 Office Genuine Advantage -> C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage -> [2010/09/06 20:27:59 | 000,000,000 | ---D | C]
 zh-TW -> C:\WINDOWS\System32\zh-TW -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 zh-HK -> C:\WINDOWS\System32\zh-HK -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 tr-TR -> C:\WINDOWS\System32\tr-TR -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 sv-SE -> C:\WINDOWS\System32\sv-SE -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 pt-BR -> C:\WINDOWS\System32\pt-BR -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 nl-NL -> C:\WINDOWS\System32\nl-NL -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 nb-NO -> C:\WINDOWS\System32\nb-NO -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 ko-KR -> C:\WINDOWS\System32\ko-KR -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 it-IT -> C:\WINDOWS\System32\it-IT -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 he-IL -> C:\WINDOWS\System32\he-IL -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 fr-FR -> C:\WINDOWS\System32\fr-FR -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 fi-FI -> C:\WINDOWS\System32\fi-FI -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 es-ES -> C:\WINDOWS\System32\es-ES -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 el-GR -> C:\WINDOWS\System32\el-GR -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 de-DE -> C:\WINDOWS\System32\de-DE -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 da-DK -> C:\WINDOWS\System32\da-DK -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 ar-SA -> C:\WINDOWS\System32\ar-SA -> [2010/09/06 20:00:36 | 000,000,000 | ---D | C]
 temp -> C:\WINDOWS\temp -> [2010/09/06 14:50:31 | 000,000,000 | ---D | C]
 KomboFix -> C:\KomboFix -> [2010/09/06 13:15:27 | 000,000,000 | ---D | C]
 PCHealth -> C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth -> [2010/09/06 00:09:34 | 000,000,000 | ---D | C]
 Windows Defender -> C:\Program Files\Windows Defender -> [2010/09/05 20:00:00 | 000,000,000 | ---D | C]
 Recent -> C:\Documents and Settings\Administrator\Recent -> [2010/09/04 11:49:31 | 000,000,000 | RH-D | C]
 OTL.scr -> C:\Documents and Settings\Administrator\Desktop\OTL.scr -> [2010/09/04 00:18:15 | 000,574,976 | ---- | C] (OldTimer Tools)
 Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2010/09/03 21:20:00 | 000,064,288 | ---- | C] (Lavasoft AB)
 Sunbelt Software -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software -> [2010/09/03 20:49:34 | 000,000,000 | ---D | C]
 {ECC164E0-3133-4C70-A831-F08DB2940F70} -> C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} -> [2010/09/03 20:48:43 | 000,000,000 | -H-D | C]
 Avenger -> C:\Avenger -> [2010/09/03 20:33:54 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2010/09/02 11:41:25 | 000,000,000 | ---D | C]
 Realtek AC97 -> C:\Program Files\Realtek AC97 -> [2010/09/01 15:48:44 | 000,000,000 | ---D | C]
 Realtek AC97(2) -> C:\Program Files\Realtek AC97(2) -> [2010/08/27 09:11:08 | 000,000,000 | ---D | C]
 sbbd.exe -> C:\WINDOWS\System32\sbbd.exe -> [2010/08/20 09:18:40 | 000,027,984 | ---- | C] (Sunbelt Software)
 FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2010/08/14 00:09:16 | 000,000,000 | ---D | C]
 Adobe Media Player -> C:\Program Files\Adobe Media Player -> [2010/08/13 23:35:22 | 000,000,000 | ---D | C]
 Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2010/08/13 23:32:57 | 000,000,000 | ---D | C]
 Macrovision Shared -> C:\Program Files\Common Files\Macrovision Shared -> [2010/08/13 23:25:54 | 000,000,000 | ---D | C]
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/07/15 08:36:11 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.)
 AI -> C:\AI -> [2010/07/09 20:41:24 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 90 Days]
 GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500UA.job -> [2010/09/10 13:27:03 | 000,001,010 | ---- | M] ()
 Default.rdp -> C:\Documents and Settings\Administrator\My Documents\Default.rdp -> [2010/09/10 13:23:07 | 000,001,722 | -H-- | M] ()
 ntuser.dat -> C:\Documents and Settings\Administrator\ntuser.dat -> [2010/09/10 13:21:31 | 015,990,784 | ---- | M] ()
 tmpPrst.dll -> C:\WINDOWS\System32\tmpPrst.dll -> [2010/09/10 13:14:45 | 000,000,000 | ---- | M] ()
 lsprst7.dll -> C:\WINDOWS\System32\lsprst7.dll -> [2010/09/10 13:14:45 | 000,000,000 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/10 13:12:01 | 000,000,886 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/09/10 13:11:11 | 000,641,024 | ---- | M] (OldTimer Tools)
 incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/09/10 13:05:43 | 064,510,518 | ---- | M] ()
 VPN Client.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk -> [2010/09/10 13:01:06 | 000,002,447 | ---- | M] ()
 nvwsapps.xml -> C:\WINDOWS\System32\nvwsapps.xml -> [2010/09/10 13:00:54 | 000,061,187 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/09/10 13:00:28 | 000,012,702 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/10 13:00:25 | 000,000,882 | ---- | M] ()
 nsprs.tgz -> C:\WINDOWS\System32\nsprs.tgz -> [2010/09/10 12:59:40 | 000,000,087 | ---- | M] ()
 tablet.dat -> C:\WINDOWS\System32\tablet.dat -> [2010/09/10 12:59:39 | 000,000,343 | ---- | M] ()
 nsprs.dll -> C:\WINDOWS\System32\nsprs.dll -> [2010/09/10 12:59:39 | 000,000,073 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/09/10 12:59:37 | 000,000,868 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/09/10 12:59:11 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/09/10 12:59:10 | 000,002,048 | --S- | M] ()
 ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2010/09/10 02:02:33 | 000,000,278 | -HS- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk -> [2010/09/10 02:01:20 | 000,002,344 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2010/09/10 02:01:20 | 000,002,322 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/09/10 01:55:45 | 000,000,815 | ---- | M] ()
 yellowmap -> C:\yellowmap -> [2010/09/10 00:47:54 | 003,844,984 | ---- | M] ()
 redmap -> C:\redmap -> [2010/09/10 00:47:54 | 003,844,984 | ---- | M] ()
 greenmap -> C:\greenmap -> [2010/09/10 00:47:53 | 003,844,984 | ---- | M] ()
 bluemap -> C:\bluemap -> [2010/09/10 00:47:53 | 003,844,984 | ---- | M] ()
 amazinggrace -> C:\amazinggrace -> [2010/09/09 22:57:20 | 003,844,984 | ---- | M] ()
 floydcheck.jpg -> C:\Documents and Settings\Administrator\Desktop\floydcheck.jpg -> [2010/09/09 21:15:42 | 001,407,860 | ---- | M] ()
 ORC_pose2.pdf -> C:\Documents and Settings\Administrator\Desktop\ORC_pose2.pdf -> [2010/09/09 20:15:27 | 001,182,456 | ---- | M] ()
 Wuzzup.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Wuzzup.lnk -> [2010/09/09 17:47:40 | 000,000,882 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500Core.job -> [2010/09/09 11:27:01 | 000,000,958 | ---- | M] ()
 VIPRE.lnk -> C:\Documents and Settings\All Users\Desktop\VIPRE.lnk -> [2010/09/09 08:11:30 | 000,001,769 | ---- | M] ()
 viper_code.rtf -> C:\Documents and Settings\Administrator\Desktop\viper_code.rtf -> [2010/09/09 08:08:21 | 000,000,186 | ---- | M] ()
 counterspy-setup.exe -> C:\Documents and Settings\Administrator\Desktop\counterspy-setup.exe -> [2010/09/09 00:30:00 | 014,885,984 | ---- | M] (Sunbelt Software                                             )
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/09/09 00:02:10 | 000,444,028 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/09/09 00:02:10 | 000,071,904 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/09/09 00:02:09 | 000,525,770 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/09/08 02:49:10 | 000,001,355 | ---- | M] ()
 TFC.exe -> C:\Documents and Settings\Administrator\Desktop\TFC.exe -> [2010/09/08 02:39:06 | 000,446,464 | ---- | M] (OldTimer Tools)
 system.ini -> C:\WINDOWS\system.ini -> [2010/09/07 09:38:19 | 000,000,246 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/09/07 09:38:11 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/09/07 08:50:40 | 000,000,327 | RHS- | M] ()
 KomboFix.exe -> C:\Documents and Settings\Administrator\Desktop\KomboFix.exe -> [2010/09/07 08:46:50 | 003,839,284 | R--- | M] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/09/06 21:19:00 | 000,000,472 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/09/06 19:57:46 | 002,081,968 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010/09/06 16:56:55 | 000,000,942 | ---- | M] ()
 Boot.bak -> C:\Boot.bak -> [2010/09/06 14:20:56 | 000,000,327 | ---- | M] ()
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/09/05 17:50:10 | 000,002,265 | ---- | M] ()
 lvuvc.hs -> C:\WINDOWS\System32\drivers\lvuvc.hs -> [2010/09/05 17:50:08 | 000,000,000 | ---- | M] ()
 logiflt.iad -> C:\WINDOWS\System32\drivers\logiflt.iad -> [2010/09/05 17:49:53 | 000,000,000 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/09/04 22:53:02 | 000,000,284 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2010/09/04 11:47:02 | 000,000,933 | ---- | M] ()
 OTL.scr -> C:\Documents and Settings\Administrator\Desktop\OTL.scr -> [2010/09/04 00:18:15 | 000,574,976 | ---- | M] (OldTimer Tools)
 Ad-Aware.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk -> [2010/09/03 20:48:41 | 000,000,885 | ---- | M] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/09/03 20:48:41 | 000,000,867 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/03 20:38:39 | 000,000,696 | ---- | M] ()
 Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2010/09/02 19:12:13 | 000,000,039 | ---- | M] ()
 cc_20100902_190855.reg -> C:\Documents and Settings\Administrator\My Documents\cc_20100902_190855.reg -> [2010/09/02 19:09:07 | 000,137,392 | ---- | M] ()
 gmer.ini -> C:\WINDOWS\gmer.ini -> [2010/09/02 16:33:14 | 000,000,250 | ---- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk -> [2010/09/02 11:42:41 | 000,002,463 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/09/01 16:07:44 | 000,000,951 | ---- | M] ()
 ssprs.tgz -> C:\WINDOWS\System32\ssprs.tgz -> [2010/08/27 22:36:10 | 000,000,087 | ---- | M] ()
 sbbd.exe -> C:\WINDOWS\System32\sbbd.exe -> [2010/08/20 09:18:40 | 000,027,984 | ---- | M] (Sunbelt Software)
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/08/15 23:30:53 | 000,231,424 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/08/15 23:30:34 | 000,000,116 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/08/14 00:10:37 | 000,056,192 | ---- | M] ()
 Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2010/08/12 05:15:20 | 000,064,288 | ---- | M] (Lavasoft AB)
 lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2010/08/12 05:15:20 | 000,015,880 | ---- | M] ()
 PAP4.lnk -> C:\Documents and Settings\Administrator\Desktop\PAP4.lnk -> [2010/08/11 20:59:11 | 000,001,476 | ---- | M] ()
 sbtis.sys -> C:\WINDOWS\System32\drivers\sbtis.sys -> [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.)
 avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2010/07/15 08:36:13 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/07/15 08:36:11 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2010/07/15 08:35:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.)
 sbapifs.sys -> C:\WINDOWS\System32\drivers\sbapifs.sys -> [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software)
 sbaphd.sys -> C:\WINDOWS\System32\drivers\sbaphd.sys -> [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software)
 
[Files - No Company Name]
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk -> [2010/09/10 01:58:06 | 000,002,344 | ---- | C] ()
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2010/09/10 01:58:06 | 000,002,322 | ---- | C] ()
 yellowmap -> C:\yellowmap -> [2010/09/09 22:59:58 | 003,844,984 | ---- | C] ()
 redmap -> C:\redmap -> [2010/09/09 22:59:58 | 003,844,984 | ---- | C] ()
 greenmap -> C:\greenmap -> [2010/09/09 22:59:56 | 003,844,984 | ---- | C] ()
 bluemap -> C:\bluemap -> [2010/09/09 22:59:56 | 003,844,984 | ---- | C] ()
 floydcheck.jpg -> C:\Documents and Settings\Administrator\Desktop\floydcheck.jpg -> [2010/09/09 21:09:52 | 001,407,860 | ---- | C] ()
 ORC_pose2.pdf -> C:\Documents and Settings\Administrator\Desktop\ORC_pose2.pdf -> [2010/09/09 20:15:27 | 001,182,456 | ---- | C] ()
 Wuzzup.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Wuzzup.lnk -> [2010/09/09 17:47:40 | 000,000,882 | ---- | C] ()
 VIPRE.lnk -> C:\Documents and Settings\All Users\Desktop\VIPRE.lnk -> [2010/09/09 08:11:30 | 000,001,769 | ---- | C] ()
 viper_code.rtf -> C:\Documents and Settings\Administrator\Desktop\viper_code.rtf -> [2010/09/09 08:08:21 | 000,000,186 | ---- | C] ()
 nsprs.dll -> C:\WINDOWS\System32\nsprs.dll -> [2010/09/07 09:19:02 | 000,000,073 | ---- | C] ()
 tmpPrst.dll -> C:\WINDOWS\System32\tmpPrst.dll -> [2010/09/07 09:19:02 | 000,000,000 | ---- | C] ()
 lsprst7.dll -> C:\WINDOWS\System32\lsprst7.dll -> [2010/09/07 09:19:02 | 000,000,000 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/09/06 16:41:36 | 000,001,355 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/09/06 13:15:54 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/09/06 13:15:54 | 000,077,312 | ---- | C] ()
 KomboFix.exe -> C:\Documents and Settings\Administrator\Desktop\KomboFix.exe -> [2010/09/06 13:14:51 | 003,839,284 | R--- | C] ()
 lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2010/09/03 23:58:43 | 000,015,880 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/09/03 21:20:32 | 000,000,472 | ---- | C] ()
 Ad-Aware.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk -> [2010/09/03 20:48:41 | 000,000,885 | ---- | C] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/09/03 20:48:41 | 000,000,867 | ---- | C] ()
 cc_20100902_190855.reg -> C:\Documents and Settings\Administrator\My Documents\cc_20100902_190855.reg -> [2010/09/02 19:08:58 | 000,137,392 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/02 12:51:39 | 000,000,696 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk -> [2010/09/02 11:41:25 | 000,002,463 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/09/01 16:07:44 | 000,000,951 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2010/09/01 16:07:44 | 000,000,933 | ---- | C] ()
 ntuser.dat -> C:\Documents and Settings\Administrator\ntuser.dat -> [2010/08/20 22:40:09 | 015,990,784 | ---- | C] ()
 PAP4.lnk -> C:\Documents and Settings\Administrator\Desktop\PAP4.lnk -> [2010/08/11 20:59:11 | 000,001,476 | ---- | C] ()
 default.rss -> C:\Documents and Settings\Administrator\Application Data\default.rss -> [2009/09/17 00:48:24 | 000,000,194 | ---- | C] ()
 Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2009/09/17 00:29:39 | 000,000,039 | ---- | C] ()
 swf2avi.INI -> C:\WINDOWS\swf2avi.INI -> [2009/09/15 13:14:29 | 000,000,067 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/09/15 13:14:24 | 000,758,018 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/09/15 13:14:24 | 000,180,224 | ---- | C] ()
 lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2009/09/15 00:23:23 | 000,082,289 | R--- | C] ()
 PnkBstrK.sys -> C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys -> [2009/08/27 00:17:45 | 000,139,152 | ---- | C] ()
 PnkBstrK.sys -> C:\WINDOWS\System32\drivers\PnkBstrK.sys -> [2009/08/25 22:27:49 | 000,138,504 | ---- | C] ()
 serauth2.dll -> C:\WINDOWS\System32\serauth2.dll -> [2009/08/25 13:00:25 | 000,001,025 | ---- | C] ()
 serauth1.dll -> C:\WINDOWS\System32\serauth1.dll -> [2009/08/25 13:00:25 | 000,001,025 | ---- | C] ()
 OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
 iKeyLFT2.dll -> C:\WINDOWS\System32\drivers\iKeyLFT2.dll -> [2009/05/08 10:13:04 | 000,013,584 | ---- | C] ()
 LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2009/04/30 16:00:12 | 000,025,624 | ---- | C] ()
 gmer.ini -> C:\WINDOWS\gmer.ini -> [2008/12/31 12:19:46 | 000,000,250 | ---- | C] ()
 gmer.dll -> C:\WINDOWS\gmer.dll -> [2008/12/31 12:19:45 | 000,884,736 | ---- | C] ()
 Tw561a.ini -> C:\WINDOWS\Tw561a.ini -> [2008/11/02 18:24:29 | 000,014,385 | ---- | C] ()
 Setup8a.ini -> C:\WINDOWS\Setup8a.ini -> [2008/11/02 18:24:29 | 000,000,081 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/09/19 20:16:29 | 000,000,116 | ---- | C] ()
 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2007/10/19 17:56:16 | 003,596,288 | ---- | C] ()
 dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2007/10/19 17:54:28 | 000,000,416 | ---- | C] ()
 dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2007/10/19 17:54:28 | 000,000,416 | ---- | C] ()
 DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2007/10/18 02:02:34 | 000,012,288 | ---- | C] ()
 vpnapi.dll -> C:\WINDOWS\System32\vpnapi.dll -> [2007/07/16 11:58:10 | 000,197,408 | ---- | C] ()
 CSGina.dll -> C:\WINDOWS\System32\CSGina.dll -> [2007/07/16 11:58:00 | 000,193,312 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/04/26 21:41:26 | 000,000,360 | ---- | C] ()
 pcfriend.INI -> C:\WINDOWS\pcfriend.INI -> [2007/03/31 23:44:22 | 000,000,000 | ---- | C] ()
 RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2007/02/20 20:20:49 | 000,147,456 | ---- | C] ()
 haspdos.sys -> C:\WINDOWS\System32\haspdos.sys -> [2007/02/04 20:55:06 | 000,000,383 | ---- | C] ()
 PhysXLoader.dll -> C:\WINDOWS\System32\PhysXLoader.dll -> [2007/01/12 16:48:16 | 000,071,208 | ---- | C] ()
 atid.ini -> C:\WINDOWS\atid.ini -> [2007/01/10 20:10:49 | 000,000,029 | ---- | C] ()
 AgCPanelTraditionalChinese.dll -> C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2007/01/05 22:23:06 | 000,058,920 | ---- | C] ()
 AgCPanelSwedish.dll -> C:\WINDOWS\System32\AgCPanelSwedish.dll -> [2007/01/05 22:23:06 | 000,058,920 | ---- | C] ()
 AgCPanelSpanish.dll -> C:\WINDOWS\System32\AgCPanelSpanish.dll -> [2007/01/05 22:23:04 | 000,058,920 | ---- | C] ()
 AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2007/01/05 22:23:04 | 000,058,920 | ---- | C] ()
 AgCPanelPortugese.dll -> C:\WINDOWS\System32\AgCPanelPortugese.dll -> [2007/01/05 22:23:02 | 000,058,920 | ---- | C] ()
 AgCPanelKorean.dll -> C:\WINDOWS\System32\AgCPanelKorean.dll -> [2007/01/05 22:23:02 | 000,058,920 | ---- | C] ()
 AgCPanelJapanese.dll -> C:\WINDOWS\System32\AgCPanelJapanese.dll -> [2007/01/05 22:23:02 | 000,058,920 | ---- | C] ()
 AgCPanelGerman.dll -> C:\WINDOWS\System32\AgCPanelGerman.dll -> [2007/01/05 22:23:02 | 000,058,920 | ---- | C] ()
 AgCPanelFrench.dll -> C:\WINDOWS\System32\AgCPanelFrench.dll -> [2007/01/05 22:23:02 | 000,058,920 | ---- | C] ()
 atnt40k.sys -> C:\WINDOWS\System32\drivers\atnt40k.sys -> [2006/10/31 08:59:41 | 000,051,304 | ---- | C] ()
 Rtcw.INI -> C:\WINDOWS\Rtcw.INI -> [2006/07/26 14:26:01 | 000,000,810 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
 mayaNetRenderServer.exe -> C:\Program Files\mayaNetRenderServer.exe -> [2005/12/17 20:44:41 | 000,869,376 | ---- | C] ()
 mayaNetRenderClent.exe -> C:\Program Files\mayaNetRenderClent.exe -> [2005/12/17 20:44:41 | 000,811,520 | ---- | C] ()
 Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2005/11/30 18:30:20 | 000,176,235 | ---- | C] ()
 primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2005/11/30 18:30:20 | 000,000,129 | ---- | C] ()
 GSDLL32.dll -> C:\WINDOWS\System32\GSDLL32.dll -> [2005/11/30 15:09:41 | 002,768,896 | ---- | C] ()
 psparam.ini -> C:\WINDOWS\System32\psparam.ini -> [2005/11/30 15:09:41 | 000,000,137 | ---- | C] ()
 nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2005/11/04 09:38:00 | 000,086,016 | ---- | C] ()
 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2005/11/01 09:54:01 | 000,002,150 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat -> [2005/07/19 12:48:14 | 000,000,136 | ---- | C] ()
 sysprs7.dll -> C:\WINDOWS\System32\sysprs7.dll -> [2005/06/08 11:09:17 | 000,002,048 | ---- | C] ()
 clauth2.dll -> C:\WINDOWS\System32\clauth2.dll -> [2005/06/08 11:09:17 | 000,001,025 | ---- | C] ()
 clauth1.dll -> C:\WINDOWS\System32\clauth1.dll -> [2005/06/08 11:09:17 | 000,001,025 | ---- | C] ()
 ssprs.dll -> C:\WINDOWS\System32\ssprs.dll -> [2005/06/08 11:09:17 | 000,000,073 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2005/05/03 12:14:13 | 000,000,150 | ---- | C] ()
 IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2005/05/03 12:01:19 | 006,428,666 | -H-- | C] ()
 hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2005/05/02 15:13:05 | 000,005,724 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/05/02 14:47:34 | 000,000,376 | ---- | C] ()
 PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2005/04/27 14:38:24 | 000,000,151 | ---- | C] ()
 wiseftp.ini -> C:\WINDOWS\wiseftp.ini -> [2005/04/26 16:34:05 | 000,000,199 | ---- | C] ()
 CmdLineExt03.dll -> C:\WINDOWS\System32\CmdLineExt03.dll -> [2005/04/23 08:47:44 | 000,043,520 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2005/04/22 11:57:05 | 000,231,424 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/04/15 13:33:56 | 000,000,061 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2005/02/24 05:32:00 | 001,662,976 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2005/02/24 05:32:00 | 001,466,368 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2005/02/24 05:32:00 | 001,019,904 | ---- | C] ()
 nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2005/02/24 05:32:00 | 000,573,440 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2005/02/24 05:32:00 | 000,466,944 | ---- | C] ()
 nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2005/02/24 05:32:00 | 000,286,720 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2005/01/20 12:47:08 | 000,056,192 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\Administrator\Application Data\desktop.ini -> [2005/01/20 12:22:04 | 000,000,062 | -HS- | C] ()
 desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2005/01/20 06:07:41 | 000,000,062 | -HS- | C] ()
 Oeminfo.ini -> C:\WINDOWS\System32\Oeminfo.ini -> [2004/04/19 10:47:37 | 000,000,196 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 13:05:08 | 000,002,695 | ---- | C] ()
 prnmnt.dll -> C:\WINDOWS\System32\prnmnt.dll -> [2001/10/28 00:42:30 | 000,116,224 | ---- | C] ()
 VFCodec.dll -> C:\WINDOWS\System32\VFCodec.dll -> [2000/07/22 14:49:46 | 000,431,104 | ---- | C] ()
 wintab.dll -> C:\WINDOWS\System32\wintab.dll -> [1999/05/07 02:12:06 | 000,015,744 | ---- | C] ()
 tntlvr.dll -> C:\WINDOWS\System32\tntlvr.dll -> [1997/08/23 09:33:24 | 000,022,056 | ---- | C] ()
 
[File - Lop Check]
 Alias -> C:\Documents and Settings\Administrator\Application Data\Alias -> [2005/11/07 13:24:35 | 000,000,000 | ---D | M]
 Autodesk -> C:\Documents and Settings\Administrator\Application Data\Autodesk -> [2010/04/23 20:41:34 | 000,000,000 | ---D | M]
 BitTorrent -> C:\Documents and Settings\Administrator\Application Data\BitTorrent -> [2010/02/28 20:55:34 | 000,000,000 | ---D | M]
 FinalBurner Video DVD -> C:\Documents and Settings\Administrator\Application Data\FinalBurner Video DVD -> [2008/12/21 23:17:02 | 000,000,000 | ---D | M]
 GlobalSCAPE -> C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE -> [2006/03/27 11:23:57 | 000,000,000 | ---D | M]
 id Software -> C:\Documents and Settings\Administrator\Application Data\id Software -> [2009/08/25 22:16:03 | 000,000,000 | ---D | M]
 ImTOO Software Studio -> C:\Documents and Settings\Administrator\Application Data\ImTOO Software Studio -> [2010/04/17 20:13:48 | 000,000,000 | ---D | M]
 Leadertech -> C:\Documents and Settings\Administrator\Application Data\Leadertech -> [2009/09/15 00:24:01 | 000,000,000 | ---D | M]
 MayaWebBrowser -> C:\Documents and Settings\Administrator\Application Data\MayaWebBrowser -> [2005/05/03 15:24:47 | 000,000,000 | ---D | M]
 Moyea -> C:\Documents and Settings\Administrator\Application Data\Moyea -> [2009/09/15 13:36:38 | 000,000,000 | ---D | M]
 NCH Swift Sound -> C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound -> [2009/05/27 21:56:54 | 000,000,000 | ---D | M]
 ProjectOverlord -> C:\Documents and Settings\Administrator\Application Data\ProjectOverlord -> [2008/01/21 17:26:37 | 000,000,000 | ---D | M]
 Sony Online Entertainment -> C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment -> [2010/08/18 18:38:28 | 000,000,000 | ---D | M]
 Thunderbird -> C:\Documents and Settings\Administrator\Application Data\Thunderbird -> [2005/04/23 08:29:49 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\Administrator\Application Data\TomTom -> [2009/06/19 20:09:00 | 000,000,000 | ---D | M]
 Unity -> C:\Documents and Settings\Administrator\Application Data\Unity -> [2008/11/16 21:37:26 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\Administrator\Application Data\Viewpoint -> [2007/01/29 17:52:11 | 000,000,000 | ---D | M]
 Wal-Mart Digital Photo Viewer -> C:\Documents and Settings\Administrator\Application Data\Wal-Mart Digital Photo Viewer -> [2007/09/21 09:00:19 | 000,000,000 | ---D | M]
 webex -> C:\Documents and Settings\Administrator\Application Data\webex -> [2006/10/31 09:00:05 | 000,000,000 | ---D | M]
 Alias -> C:\Documents and Settings\All Users\Application Data\Alias -> [2006/07/06 16:05:06 | 000,000,000 | ---D | M]
 Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2010/04/23 20:41:34 | 000,000,000 | ---D | M]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/06/03 19:59:48 | 000,000,000 | ---D | M]
 BugBopper -> C:\Documents and Settings\All Users\Application Data\BugBopper -> [2010/09/09 17:54:52 | 000,000,000 | ---D | M]
 id Software -> C:\Documents and Settings\All Users\Application Data\id Software -> [2010/01/15 23:35:43 | 000,000,000 | ---D | M]
 Minnetonka Audio Software -> C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software -> [2005/06/08 11:09:16 | 000,000,000 | ---D | M]
 NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2009/05/27 21:57:27 | 000,000,000 | ---D | M]
 PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009/05/23 16:38:32 | 000,000,000 | ---D | M]
 TechSmith -> C:\Documents and Settings\All Users\Application Data\TechSmith -> [2009/09/19 18:31:38 | 000,000,000 | ---D | M]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/09/02 11:35:54 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\All Users\Application Data\TomTom -> [2009/06/19 20:09:13 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/01/29 17:52:10 | 000,000,000 | ---D | M]
 {ADBAE504-0A0C-46AE-BA00-E34BABE470F7} -> C:\Documents and Settings\All Users\Application Data\{ADBAE504-0A0C-46AE-BA00-E34BABE470F7} -> [2010/01/21 11:29:08 | 000,000,000 | ---D | M]
 {ECC164E0-3133-4C70-A831-F08DB2940F70} -> C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} -> [2010/09/03 20:48:44 | 000,000,000 | -H-D | M]
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/09/06 21:19:00 | 000,000,472 | ---- | M] ()
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 21 bytes -> C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe:crc
< End of report >
```


----------



## Clicksorhater (Sep 2, 2010)

OK, after reading some more on the web, it looks like this is a hijack that uses Javascript. I turned off Javascript, and I'm not seeing any Clicksor stuff anymore. 

The problem is, I would like to have javascript on, since having it off kills the functionality on many sites. Does this new clue bring us any closer to a solution?


----------



## dvk01 (Dec 14, 2002)

It is a weird one as all the usual causes of this have been ruled out and it only affects your Chrome browser, not any other browser.

I am still getting ideas & suggestions from others to see what we can come up with

I need to look at your chrome profiles to see if we can sort this one

can you please go to *C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data*, right click the user data folder & select send to compressed (zip) folders
that will make a zipped copy of the quarantine folder
then 
please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file


----------



## dvk01 (Dec 14, 2002)

we think we have tracked down the cause, thanks to advice from a malware fighter with a much better pair of eyes than I have, and it is a poisoned/hijacked DNS server causing the diverts

cure is to change DNS servers

either

Now we need to reset your hijacked DNS settings

To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
Go to My Computer>Dialup Networking.
Right-click your internet connection and select Properties.
A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

now go to start/run & type cmd press OK

when the black screen opens type this exactly including all spaces

ipconfig /flushdns and press OK then close that black screen

reboot

or replace them with one of the safe public dns servers listed here http://hijack-this.co.uk/2010/09/list-of-public-dns-services/

let us know how it is after that

Whichever option you choose, you *MUST* do this step after changing DNS

*now go to start/run & type cmd press OK*

*when the black screen opens type this exactly including all spaces*

*ipconfig /flushdns and press OK then close that black screen*

*reboot*


----------



## Clicksorhater (Sep 2, 2010)

Fixed!

One note though, it was already set to "Obtain DNS server automatically". I did the "ipconfig /flushdns" command, rebooted, and this did NOT fix it.

I changed the DNS to the Google numbers you linked to, did the "ipconfig /flushdns" command, rebooted, and that DID fix the problem. No Clicksor to be found. 100% clean bill of health on the scan I did as well.

Thanks again for all your help! This has been bugging me for over a week now.


----------
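The check behind the fix in the posts above, as an added example that is not part of the thread: ask the resolver the machine was given automatically and a public resolver for the same names, then list the names whose answers share no address. The hostnames, addresses and packets below are constructed for an offline run; CDNs can legitimately answer differently per resolver, so a listed name is a lead to investigate, not proof of hijacking.

```python
import socket
import struct

A, IN = 1, 1  # record type A, class IN


def encode_name(name):
    """Hostname -> DNS wire labels (length-prefixed, zero-terminated)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid):
    """Recursive query (RD=1) for the A records of one name."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", A, IN)


def skip_name(packet, pos):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = packet[pos]
        if (length & 0xC0) == 0xC0:   # 2-byte pointer always terminates the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length


def parse_a_records(packet, qid):
    """Return the set of IPv4 addresses in the answer section of a response."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", packet[:12])
    if rid != qid or not (flags & 0x8000):
        raise ValueError("not a response to our query")
    if flags & 0x000F:                # NXDOMAIN, SERVFAIL, ...: no usable answer
        return set()
    pos = 12
    for _ in range(qdcount):          # skip the echoed question(s)
        pos = skip_name(packet, pos) + 4
    addrs = set()
    for _ in range(ancount):
        pos = skip_name(packet, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", packet[pos:pos + 10])
        pos += 10
        if rtype == A and rclass == IN and rdlen == 4:
            addrs.add(socket.inet_ntoa(packet[pos:pos + 4]))
        pos += rdlen                  # CNAME and other records are stepped over
    return addrs


def ask(server, name, qid=0x1234, timeout=3.0):
    """Query one resolver over UDP/53 (needs network). `server` is a resolver
    IP, e.g. one listed under "DNS Servers" by `ipconfig /all`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, qid)


def divergent_names(suspect, reference):
    """Names the suspect resolver answers with addresses the reference resolver
    does not return at all (also catches answers for names that should not resolve)."""
    return sorted(n for n, ips in suspect.items()
                  if ips and not (ips & reference.get(n, set())))


def build_response(name, qid, ips):
    """Constructed response packet for the offline demo (answers use pointer 0xC00C)."""
    header = struct.pack(">HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(name) + struct.pack(">HH", A, IN)
    answers = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", A, IN, 60, 4)
                       + socket.inet_aton(ip) for ip in ips)
    return header + question + answers


def demo():
    """Constructed data: the automatically assigned resolver diverts one name."""
    qid = 0x1234
    assigned = {"www.example.com": ["192.0.2.10"],
                "ads.example.net": ["203.0.113.66"]}
    public = {"www.example.com": ["192.0.2.10", "192.0.2.11"],
              "ads.example.net": ["198.51.100.7"]}

    def decode(table):
        return {n: parse_a_records(build_response(n, qid, ips), qid)
                for n, ips in table.items()}

    return divergent_names(decode(assigned), decode(public))


if __name__ == "__main__":
    print(demo())
```
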



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */U*, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

then
Please double-click *OTScanIt.exe* to run it.

press cleanup & it will delete/uninstall all the tools we have used to fix your problems and all their backup folders and then delete itself when you next reboot
then

go here *http://www.thespykiller.co.uk/index.php?page=3* for info on how to tighten your security settings and how to help prevent future attacks.

and scan here *http://secunia.com/software_inspector/* for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place


----------

