
Browser hijacked among other things.....

Discussion in 'Virus & Other Malware Removal' started by dustfae, Apr 11, 2010.

Thread Status:
Not open for further replies.
  1. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    Hello. All my problems started with the Vista Internet Security Virus. I was able to successfully remove that with Malwarebytes. Since then the Internet Security Virus has reappeared a few times, but Malwarebytes always gets rid of it. My new problem is what I think might be the Google redirect virus. When I search for things in Google or any search engine, I am often redirected. I am not sure if that is what it is though, because I searched for the TDSSserv.sys file that I think is associated with it and could not find it on my computer.

    I am pretty computer illiterate, but I have read many forum posts as people are posting Hijackthis logs so I will do the same.

    Also, Firefox randomly crashes all the time, and many things on my computer go through the "not responding" phase multiple times a day.

    I work a lot in Photoshop, and it is pure agony because my computer is SO SLOW.

    I have a Dell, Windows Vista.

    I also have Spybot Search and Destroy, Ad-Aware, and Super Anti-Spyware, also McAfee. None of them are picking up much. Sometimes they will find cookies, and once a Trojan-Dropper. But my computer problems continue.

    Thank you so much for reading all this. Now I just tried to generate a HijackThis log file and I am having a problem. HijackThis is telling me, "For Some Reason your system denied write access to host file. If hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens you need to edit the file yourself...." When I try to show the log file in Notepad it says Cannot find the C:programfiles/TrendMicro/Hijackthislogfile.txt file, do you want to create a new file? I click yes and it shows nothing in Notepad...ah! What do I do now?
     
  2. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hello there. Welcome to the TSG Forums.
    My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


    Please note the following:
    • The fixes are specific to your problem and should only be used on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
    • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.



    Step 1

    Download OTS to your Desktop

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Basic Scans please change the radio button under Registry from Safe List to All.
    • Under Additional Scans check the following:
      • Reg - Desktop Components
      • Reg - Disabled MS Config Items
      • Reg - NetSvcs
      • Reg - Shell Spawning
      • Reg - Uninstall List
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EvtViewer (last 10)
    • Please paste the contents of the following codebox into the Custom Scans box at the bottom
    Code:
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post. To do so, click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button.

    Step 2

    GMER Rootkit Scanner
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable your security programs when done.
     
  3. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    Thank you so much for agreeing to help me. Now I am going to do the GMER scan.
    Here is my OTS scan:

    Code:
    OTS logfile created on: 4/11/2010 9:13:06 PM - Run 1
    OTS by OldTimer - Version 3.1.28.1     Folder = C:\Users\Kamille\Downloads
    Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1,023.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.09 Gb Total Space | 19.28 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
    Drive D: | 8.69 Gb Total Space | 1.20 Gb Free Space | 13.75% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    F: Drive not present or media not loaded
    Drive G: | 74.50 Gb Total Space | 44.61 Gb Free Space | 59.87% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: KAMILLE-PC
    Current User Name: Kamille
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots(2).exe -> C:\Users\Kamille\Downloads\OTS(2).exe -> [2010/04/11 21:10:02 | 000,638,464 | ---- | M] (OldTimer Tools)
    aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/04/11 15:30:36 | 000,818,256 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/11 15:30:35 | 001,265,264 | ---- | M] (Lavasoft)
    superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com)
    mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
    mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
    mcods.exe -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
    mcvsshld.exe -> c:\Program Files\McAfee\VirusScan\mcvsshld.exe -> [2009/09/16 11:23:32 | 000,262,160 | ---- | M] (McAfee, Inc.)
    mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
    mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
    wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe -> [2009/09/10 11:29:33 | 000,168,960 | ---- | M] (Microsoft Corporation)
    ssscheduler.exe -> C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe -> [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.)
    mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
    mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
    mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    wg111v3.exe -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2008/06/13 16:26:54 | 002,498,560 | ---- | M] ()
    fnplicensingservice.exe -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/05/07 01:25:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
    hpsysdrv.exe -> C:\hp\support\hpsysdrv.exe -> [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
    osd.exe -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
    schtasks.exe -> C:\WINDOWS\System32\schtasks.exe -> [2006/11/02 05:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation)
    acrotray.exe -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.)
     
    [Modules - Safe List]
    ots(2).exe -> C:\Users\Kamille\Downloads\OTS(2).exe -> [2010/04/11 21:10:02 | 000,638,464 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/11 15:30:35 | 001,265,264 | ---- | M] (Lavasoft)
    (MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
    (McODS) McAfee Scanner [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
    (McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
    (McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
    (mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
    (McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
    (McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/05/07 01:25:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
    (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/08/03 03:58:33 | 000,265,912 | ---- | M] (Microsoft Corporation)
    (Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated)
     
    [Driver Services - Safe List]
    (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB)
    (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
    (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
    (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
    (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
    (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
    (sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2009/08/11 06:23:23 | 000,721,904 | ---- | M] ()
    (MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.)
    (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSXHWBS2.sys -> [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSX_CNXT.sys -> [2008/05/08 06:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.)
    (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSX_DP.sys -> [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
    (R300) R300 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\atikmdag.sys -> [2008/03/29 02:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.)
    (atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\atikmdag.sys -> [2008/03/29 02:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.)
    (RTL8187B) NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\wg111v3.sys -> [2007/12/28 15:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc.                           )
    (XAudio) XAudio [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
    (RtlProt) Realtke RtlProt WLAN Utility Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\RtlProt.sys -> [2007/04/23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
    (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\Rtlh86.sys -> [2007/03/05 17:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            )
    (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
    (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
    (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex)
    (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
    (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
    (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
    (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
    (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
    (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
    (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
    (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
    (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
    (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
    (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
    (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
    (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
    (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
    (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic)
    (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
    (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
    (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
    (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic)
    (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic)
    (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic)
    (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic)
    (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
    (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic)
    (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
    (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
    (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
    (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
    (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
    (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
    (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
    (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
    (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
    (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
    (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
    (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\E1G60I32.sys -> [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
    (UPATC) USBAT Controller Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\upatc.sys -> [2001/11/13 04:25:00 | 000,077,888 | ---- | M] (SCM Microsystems Inc.)
     
    [Registry - All]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page" -> www.google.com -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> D9 95 E8 9C 13 51 CA 01  [binary data] -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: "ProxyEnable" -> 1 -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\Kamille\AppData\Roaming\Mozilla\FireFox\Profiles\mptde1l3.default\prefs.js -> 
    extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 ->
    extensions.enabledItems -> 6 ->
    extensions.enabledItems -> 2 ->
    extensions.enabledItems -> 48 ->
    extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/06 03:00:54 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\Kamille\AppData\Roaming\Mozilla\Extensions -> [2009/02/03 18:19:24 | 000,000,000 | ---D | M]
    No name found   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/02/03 18:19:24 | 000,000,000 | ---D | M]
      -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions -> [2010/04/11 00:50:40 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/07 17:36:06 | 000,000,000 | ---D | M]
    Adobe DLM (powered by getPlus(R))   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/10/02 18:02:23 | 000,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     winamp-search.xml -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\searchplugins\winamp-search.xml -> [2007/06/12 01:08:04 | 000,001,196 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2008/05/07 15:50:05 | 000,000,000 | ---D | M]
    Default   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2009/02/03 18:19:12 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/02/20 13:52:15 | 000,000,743 | ---- | M] - 19 lines) -> C:\WINDOWS\System32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1     localhost
    ::1     localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> [2007/04/07 05:56:44 | 000,501,400 | ---- | M] (Sun Microsystems, Inc.)
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "" ->  [] -> File not found
    "Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.)
    "Adobe_ID0EYTHM" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> [2007/03/20 16:40:44 | 001,884,160 | ---- | M] (Adobe Systems Incorporated)
    "HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> File not found
    "HP Health Check Scheduler" -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2007/05/24 16:13:16 | 000,071,176 | ---- | M] (Hewlett-Packard)
    "HP Software Update" -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/12/10 21:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.)
    "hpsysdrv" -> c:\hp\support\hpsysdrv.exe [c:\hp\support\hpsysdrv.exe] -> [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
    "IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> File not found
    "Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)
    "mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
    "OsdMaestro" -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe ["C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"] -> [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
    "Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> File not found
    "StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [2008/01/21 12:17:18 | 000,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
    "SunJavaUpdateReg" -> C:\Windows\System32\jureg.exe ["C:\Windows\system32\jureg.exe"] -> [2007/04/07 05:56:47 | 000,054,936 | ---- | M] (Sun Microsystems, Inc.)
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/05/07 09:01:37 | 001,232,896 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 002,159,104 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/05/07 09:01:37 | 001,232,896 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 002,159,104 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Aim6" ->  [] -> File not found
    "EA Core" -> C:\Program Files\Electronic Arts\EADM\Core.exe ["C:\Program Files\Electronic Arts\EADM\Core.exe" -silent] -> File not found
    "SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
    "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com)
    "WMPNSCFG" -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/11/02 08:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation)
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [1] -> File not found
    \\"EnableInstallerDetection" ->  [1] -> File not found
    \\"EnableLUA" ->  [1] -> File not found
    \\"EnableSecureUIAPaths" ->  [1] -> File not found
    \\"EnableVirtualization" ->  [1] -> File not found
    \\"PromptOnSecureDesktop" ->  [1] -> File not found
    \\"ValidateAdminCodeSignatures" ->  [0] -> File not found
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"scforceoption" ->  [0] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"FilterAdministratorToken" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Menu: Sun Java Console] -> [2007/04/07 05:56:44 | 000,501,400 | ---- | M] (Sun Microsystems, Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 18:57:08 | 000,040,512 | ---- | M] (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
    Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
    Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {09BBFB6E-FF15-4A8A-88A4-3BF990DEAB2E}\\DhcpNameServer -> 192.168.1.1   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) -> 
    {DC20AA77-DE12-402A-930A-794FF61ECAA1}\\DhcpNameServer -> 204.186.110.76 216.144.187.37 216.144.187.199   (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\WINDOWS\System32\userinit.exe -> [2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    rundll32 shell32 -> C:\Windows\System32\shell32.dll -> [2008/11/06 08:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
    Control_RunDLL "sysdm.cpl" -> C:\Windows\System32\sysdm.cpl -> [2006/11/02 05:44:42 | 000,238,080 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
    igfxcui ->  -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\System32\webcheck.dll [WebCheck] -> [2009/03/08 07:34:47 | 000,236,544 | ---- | M] (Microsoft Corporation)
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\System32\browseui.dll [Component Categories cache daemon] -> [2006/11/02 05:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    credssp.dll -> C:\Windows\System32\credssp.dll -> [2006/11/02 05:46:03 | 000,015,360 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\Windows\System32\msv1_0.dll -> [2009/09/10 13:38:29 | 000,216,576 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\Windows\System32\kerberos.dll -> [2009/06/15 11:23:19 | 000,494,592 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\Windows\System32\msv1_0.dll -> [2009/09/10 13:38:29 | 000,216,576 | ---- | M] (Microsoft Corporation)
    schannel -> C:\Windows\System32\schannel.dll -> [2009/06/15 11:28:56 | 000,272,384 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\Windows\System32\wdigest.dll -> [2009/06/15 11:29:40 | 000,175,104 | ---- | M] (Microsoft Corporation)
    tspkg -> C:\Windows\System32\tspkg.dll -> [2006/11/02 05:46:13 | 000,061,440 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 08:35:12 | 000,952,088 | ---- | M] (EarthLink, Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/08/03 03:50:20 | 000,000,074 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \{624103c7-86db-11de-944d-001bb9a41eca}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624103c7-86db-11de-944d-001bb9a41eca}\shell
    \{624103c7-86db-11de-944d-001bb9a41eca}\shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624103c7-86db-11de-944d-001bb9a41eca}\shell\AutoRun\command
    \{624103c7-86db-11de-944d-001bb9a41eca}\shell\AutoRun\command\\"" -> J:\setup.exe [J:\setup.exe] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Classes\<extension>\ -> 
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
     
    [Registry - Additional Scans - Safe List]
    < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
    WallPaper -> C:\Users\Kamille\Desktop\WALLPAPER copy.jpg -> 
    BackupWallPaper -> C:\Users\Kamille\Desktop\WALLPAPER copy.jpg -> 
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "services" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    FastUserSwitchingCompatibility ->  -> File not found
    Ias -> C:\WINDOWS\System32\ias -> [2006/11/02 07:18:47 | 000,000,000 | ---D | M]
    Nla ->  -> File not found
    Ntmssvc ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    SRService ->  -> File not found
    Wmi -> C:\WINDOWS\System32\wmi.dll -> [2007/08/03 04:03:18 | 000,005,120 | ---- | M] (Microsoft Corporation)
    WmdmPmSp ->  -> File not found
    LogonHours ->  -> File not found
    PCAudit ->  -> File not found
    helpsvc ->  -> File not found
    uploadmgr ->  -> File not found
    *MultiFile Done* -> -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 05:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
    exefile [open] -> "%1" %* -> 
    hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
    htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2003/07/14 18:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
    htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2003/07/14 18:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
    inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2006/11/02 05:45:14 | 000,011,776 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 05:44:42 | 000,368,640 | ---- | M] (Microsoft Corporation)
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 05:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation)
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3
    {02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update
    {04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3
    {0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
    {08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting
    {08CA9554-B5FE-4313-938F-D4A417B81175} -> QuickTime
    {09E2111C-16B1-4DDF-BF0D-F994C9A12350} -> Adobe Setup
    {0A2C5854-557E-48C8-835A-3B9F074BDCAA} -> Python 2.5
    {0A47BAFF-D4FF-4BD3-96CA-02A22EA62722} -> HP Active Support Library
    {0D2E9DCB-9938-475E-B4DD-8851738852FF} -> AIO_Scan
    {0DDA7620-4F8B-43B3-8828-CA5EE292FA3B} -> HP Total Care Advisor
    {0E20BC97-0C98-75D5-A95C-1BA122FA16D0} -> ccc-core-static
    {14AF024E-2E3B-49D0-A175-D1C1A06B155A} -> muvee autoProducer 6.0
    {16D919E6-F019-4E15-BFBE-4A85EF19DA57} -> Oblivion - Spell Tomes
    {1746EA69-DCB6-4408-B5A5-E75F55439CDF} -> Scan
    {179C56A4-F57F-4561-8BBF-F911D26EB435} -> WebReg
    {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin
    {1AE3E621-E0C0-4aa1-B10B-B3E353A8D110} -> c3100_Help
    {1D58229F-C505-45CA-8223-F35F3A34B963} -> Adobe Version Cue CS3 Server
    {209CDA54-D390-46A2-A97C-7BF61734418D} -> WeatherBug Gadget
    {23F79416-CAD1-41BF-99A3-040F6C814AAA} -> NVIDIA Photoshop Plug-ins
    {254C37AA-6B72-4300-84F6-98A82419187E} -> ActiveCheck component for HP Active Support Library
    {282E5AB2-8E47-4571-B6FA-6B512555B557} -> HP Photosmart.All-In-One Driver Software 8.0 .A
    {29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3
    {2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} -> Adobe Flash Video Encoder
    {2F2E3D62-8B8C-448F-8900-451325E50948} -> Oblivion - Wizard's Tower
    {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
    {338F08AB-C262-42C7-B000-34DE1A475273} -> Ad-Aware Email Scanner for Outlook
    {35CB6715-41F8-4F99-8881-6FC75BF054B0} -> Oblivion
    {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} -> Roxio Activation Module
    {3ABEBD00-299D-4DCA-967F-B912163AB5EA} -> Oblivion - Horse Armor Pack
    {40F7AED3-0C7D-4582-99F6-484A515C73F2} -> HP Easy Setup - Frontend
    {44CD7894-4B9A-0F27-7B3A-4C36D19FBBD0} -> ccc-utility
    {44F5A980-8A6B-4aca-8D85-EFCE5D67D379} -> AIO_CDA_ProductContext
    {47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} -> Bonjour
    {49F2B650-2D7B-4F59-B33D-346F63776BD3} -> DocProc
    {51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings
    {520F4B09-3A51-47A2-82B0-9FF1DC2D20FA} -> Oblivion - Vile Lair
    {5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} -> NETGEAR WG111v3 wireless USB 2.0 adapter
    {54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3
    {5A16ED74-A6B8-EBF3-911D-F669113ED7F9} -> Catalyst Control Center Graphics Previews Vista
    {5E06C076-E4E7-4239-A886-B3D8AC84C166} -> HP Print Diagnostic Utility
    {6087F45E-358C-4173-8CB1-DE0AE26FFAE1} -> Catalyst Control Center - Branding
    {61D9BE89-079C-28F5-12E0-2E9E4EAA8808} -> Catalyst Control Center Graphics Full New
    {669D4A35-146B-4314-89F1-1AC3D7B88367} -> HPAsset component for HP Active Support Library
    {66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
    {67D3F1A0-A1F2-49b7-B9EE-011277B170CD} -> HPProductAssistant
    {6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All
    {6B52140A-F189-4945-BFFC-DB3F00B8C589} -> Adobe Flash CS3
    {6B708481-748A-4EB4-97C1-CD386244FF77} -> Adobe MotionPicture Color Files
    {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} -> AHV content for Acrobat and Flash
    {6D22289D-ED59-4F97-B636-2111EC64F5D4} -> Apple Mobile Device Support
    {6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6} -> HP Active Support Library 32 bit components
    {6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works
    {6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
    {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {73C8DECD-5948-F3DB-6B38-B7AF881647A6} -> ATI Catalyst Install Manager
    {74413F61-1FE6-4F7D-AD9F-BAFF1011A500} -> TSR Workshop
    {76333074-2472-5945-CED7-1BA2F09FC23B} -> Catalyst Control Center Graphics Full Existing
    {7879A576-810F-50F6-A919-756C23DE095F} -> CCC Help English
    {7A7DC702-DEDE-42A8-8722-B3BA724D546F} -> Fax
    {7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} -> Adobe Dreamweaver CS3
    {802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3
    {824D3839-DAA1-4315-A822-7AE3E620E528} -> VideoToolkit01
    {8389382B-53BA-4A87-8854-91E3D80A5AC7} -> HP Photosmart Essential2.01
    {84C9913A-C64B-F227-AB07-D04C7EC7E5F2} -> Catalyst Control Center Graphics Light
    {87E2B986-07E8-477a-93DC-AF0B6758B192} -> DocProcQFolder
    {8A4D41F3-3EDA-4DAC-9403-839708EA0667} -> Install(US)2
    {8C6027FD-53DC-446D-BB75-CACD7028A134} -> HP Update
    {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3
    {8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support
    {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
    {90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3
    {938B1CD7-7C60-491E-AA90-1F1888168240} -> Roxio MyDVD Basic v9
    {95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings
    {95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9} -> MarketResearch
    {978C25EE-5777-46e4-8988-732C297CBDBD} -> Status
    {9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF} -> Destinations
    {9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3
    {9DBA770F-BF73-4D39-B1DF-6035D95268FC} -> HP Customer Feedback
    {A0A20753-92DF-4631-82B4-9CACE2FCED6A} -> Oblivion - The Fighter's Stronghold
    {A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps
    {A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific
    {A36CD345-625C-4d6c-B3E2-76E1248CB451} -> SolutionCenter
    {A3B7C670-4A1E-4EE2-950E-C875BC1965D0} -> Copy
    {A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
    {AB2AB300-1A60-FB33-96E5-D92BA2879E16} -> Catalyst Control Center Core Implementation
    {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
    {AB5E289E-76BF-4251-9F3F-9B763F681AE0} -> HP Customer Experience Enhancements
    {AB61E316-F10B-43eb-B47F-42095835F9CC} -> C3100
    {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings
    {AC76BA86-1033-0000-7760-000000000003} -> Adobe Acrobat 8 Professional
    {AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
    {AF1C9345-B53D-4110-BFBF-A0DD83AEAB83} -> AIO_CDA_Software
    {B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9} -> iTunes
    {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0
    {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
    {B671CBFD-4109-4D35-9252-3062D3CCB7B2} -> Adobe SING CS3
    {B6ADA0E4-9451-43EB-B86E-878AD9E68D4F} -> LightScribe  1.6.45.1
    {B7F560B3-6EFF-4026-A982-843895A41149} -> Adobe BridgeTalk Plugin CS3
    {B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3
    {BE5F3842-8309-4754-92D5-83E02E6077A3} -> Adobe Extension Manager CS3
    {BE77A81F-B315-4666-9BF3-AE70C0ADB057} -> BufferChm
    {C05D8CDB-417D-4335-A38C-A0659EDFD6B8} -> The Sims™ 3
    {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} -> Adobe ExtendScript Toolkit 2
    {C5BD220A-EFE8-48A5-B70E-9503D535FACE} -> Adobe WAS CS3
    {C716522C-3731-4667-8579-40B098294500} -> Toolbox
    {CB3F8375-B600-4B9F-83C9-238ED1E583FD} -> Adobe InDesign CS3
    {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client
    {D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF} -> Adobe Creative Suite 3 Design Premium
    {D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files
    {D5395E5F-4D45-4665-8F00-234FA33678AF} -> SlimDX Redistributable (March 2009)
    {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} -> Adobe Color Common Settings
    {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings
    {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
    {E06F04B9-45E6-4AC0-8083-85F7515F40F7} -> UnloadSupport
    {E0E1C638-ABF4-CE43-B4EC-61FD2FDDAD06} -> Catalyst Control Center HydraVision Full
    {E2D757D9-369A-C2B2-B58E-3878FDDBA7F8} -> Catalyst Control Center Graphics Previews Common
    {E3E71D07-CD27-46CB-8448-16D4FB29AA13} -> Microsoft WSE 3.0 Runtime
    {E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3
    {EA7B3CC4-366D-4CF6-8350-FD7A7034116E} -> Adobe InDesign CS3 Icon Handler
    {EB21A812-671B-4D08-B974-2A347F0D8F70} -> HP Photosmart Essential
    {EB75DE50-5754-4F6F-875D-126EDF8E4CB3} -> HPSSupply
    {EC425CFC-EE78-4A91-AA25-3BFA65B75364} -> Oblivion - Orrery
    {EF295F5C-7B57-47AA-8889-6B3E8E214E89} -> Oblivion - Mehrunes Razor
    {F08E8D2E-F132-4742-9C87-D5FF223A016A} -> Adobe Illustrator CS3
    {F1357B2E-CECE-83C7-93F3-C13DDB811D4B} -> Skins
    {F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} -> 32 Bit HP CIO Components Installer
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F72E2DDC-3DB8-4190-A21D-63883D955FE7} -> PSSWCORE
    {FF075778-6E50-47ed-991D-3B07FD4E3250} -> TrayApp
    {FFFFFD17-B460-41EB-93F1-C48ABAD63828} -> Oblivion - Thieves Den
    Ad-Aware -> Ad-Aware
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
    Adobe_c14ac4070fd9614ffe63f4bb533db2c -> Add or Remove Adobe Creative Suite 3 Design Premium
    AIM_6 -> AIM 6
    ASIO4ALL -> ASIO4ALL
    BookCoverPro -> BookCoverPro (remove only)
    CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 -> Soft Data Fax Modem with SmartCP
    ComcastHSI -> Comcast High-Speed Internet Install Wizard
    HP Imaging Device Functions -> HP Imaging Device Functions 8.0
    HP Photosmart Essential -> HP Photosmart Essential 2.01
    HP Solution Center & Imaging Support Tools -> HP Solution Center 8.0
    HPExtendedCapabilities -> HP Customer Participation Program 8.0
    HPOCR -> HP OCR Software 8.0
    InfraRecorder -> InfraRecorder
    InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} -> NETGEAR WG111v3 wireless USB 2.0 adapter
    LimeWire -> LimeWire 4.18.2
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    McAfee Security Scan -> McAfee Security Scan
    MegaStat Installer -> MegaStat Installer
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
    MSC -> McAfee SecurityCenter
    Network Play System (Patching) -> Network Play System (Patching)
    OsdMaestro -> HP On-Screen Cap/Num/Scroll Lock Indicator
    Picasa 3 -> Picasa 3
    TightVNC_is1 -> TightVNC 1.3.10
    TS3 Install Helper Monkey -> TS3 Install Helper Monkey
    WildTangent hp Master Uninstall -> My HP Games
    Winamp -> Winamp
    WinRAR archiver -> WinRAR archiver
    < Uninstall List [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    uTorrent -> µTorrent
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/11/2010 2:40:56 PM Computer Name = Kamille-PC | Source = Application Error | ID = 1000 -> Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x08cccf98,  process id 0x408, application start time 0x01cad9a58694103e.
    Application [ Error ] 4/11/2010 3:14:54 PM Computer Name = Kamille-PC | Source = WerSvc | ID = 5007 -> Description = 
    Application [ Error ] 4/11/2010 3:28:06 PM Computer Name = Kamille-PC | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = 
    Application [ Error ] 4/11/2010 3:42:21 PM Computer Name = Kamille-PC | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.    The process will be terminated.  Thread id : 3696 (0xe70)    Thread address : 0x778B0F34    Thread message :      Build VSCORE.14.0.0.435 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Users\Kamille\Desktop\Downloaded Programs\58b9c71da2f2ae696e7a235cd9b7ee14.exe   by C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
    Application [ Error ] 4/11/2010 4:32:39 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:43 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:44 PM Computer Name = Kamille-PC | Source = System Restore | ID = 8193 -> Description = 
    Application [ Error ] 4/11/2010 4:32:49 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:49 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:50 PM Computer Name = Kamille-PC | Source = System Restore | ID = 8193 -> Description = 
    System [ Error ] 4/11/2010 3:13:15 PM Computer Name = Kamille-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 3:11:36 PM on 4/11/2010 was unexpected.
    System [ Error ] 4/11/2010 3:17:07 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7009 -> Description = 
    System [ Error ] 4/11/2010 3:17:07 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7000 -> Description = 
    System [ Error ] 4/11/2010 3:19:41 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7022 -> Description = 
    System [ Error ] 4/11/2010 3:28:06 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7030 -> Description = 
    System [ Error ] 4/11/2010 3:42:23 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7031 -> Description = 
    System [ Error ] 4/11/2010 4:32:45 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
    System [ Error ] 4/11/2010 8:18:26 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
    System [ Error ] 4/11/2010 8:19:21 PM Computer Name = Kamille-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.11 for the Network Card with network address 00223FFF5927 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    System [ Error ] 4/11/2010 9:10:54 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
     
    [Files/Folders - Created Within 30 Days]
     TrendMicro -> C:\Program Files\TrendMicro -> [2010/04/11 16:32:51 | 000,000,000 | ---D | C]
     Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2010/04/11 15:31:27 | 000,064,288 | ---- | C] (Lavasoft AB)
     DRVSTORE -> C:\Windows\System32\DRVSTORE -> [2010/04/11 15:31:26 | 000,000,000 | ---D | C]
     SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/04/11 15:31:08 | 000,095,024 | ---- | C] (Sunbelt Software)
     {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/04/11 15:26:24 | 000,000,000 | -H-D | C]
     Lavasoft -> C:\Program Files\Lavasoft -> [2010/04/11 15:25:14 | 000,000,000 | ---D | C]
     Lavasoft -> C:\ProgramData\Lavasoft -> [2010/04/11 15:25:13 | 000,000,000 | ---D | C]
     TightVNC -> C:\Program Files\TightVNC -> [2010/04/10 23:19:03 | 000,000,000 | ---D | C]
     SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/04/09 11:20:09 | 000,000,000 | ---D | C]
     SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/04/09 11:09:53 | 000,000,000 | ---D | C]
     SUPERAntiSpyware.com -> C:\Users\Kamille\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/09 11:09:52 | 000,000,000 | ---D | C]
     Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2010/04/09 11:08:46 | 000,000,000 | ---D | C]
     BookCoverPro -> C:\Users\Kamille\AppData\Roaming\BookCoverPro -> [2010/04/03 12:41:13 | 000,000,000 | ---D | C]
     PlanetIcon -> C:\Program Files\PlanetIcon -> [2010/04/03 12:40:47 | 000,000,000 | ---D | C]
     msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/03/31 23:39:16 | 000,594,432 | ---- | C] (Microsoft Corporation)
     mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/03/31 23:39:14 | 000,611,840 | ---- | C] (Microsoft Corporation)
     iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/03/31 23:39:14 | 000,387,584 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/03/31 23:39:13 | 001,469,440 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/03/31 23:39:13 | 000,164,352 | ---- | C] (Microsoft Corporation)
     iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/03/31 23:39:12 | 000,184,320 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/03/31 23:39:12 | 000,133,632 | ---- | C] (Microsoft Corporation)
     iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/03/31 23:39:11 | 000,109,056 | ---- | C] (Microsoft Corporation)
     msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/03/31 23:39:11 | 000,055,296 | ---- | C] (Microsoft Corporation)
     jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/03/31 23:39:11 | 000,025,600 | ---- | C] (Microsoft Corporation)
     ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/03/31 23:39:09 | 000,173,056 | ---- | C] (Microsoft Corporation)
     msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/03/31 23:39:09 | 000,013,312 | ---- | C] (Microsoft Corporation)
     mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/03/31 23:39:08 | 001,638,912 | ---- | C] (Microsoft Corporation)
     iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/03/31 23:39:08 | 000,071,680 | ---- | C] (Microsoft Corporation)
     iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/03/31 23:39:08 | 000,055,808 | ---- | C] (Microsoft Corporation)
     5 C:\Users\Kamille\Documents\*.tmp files -> C:\Users\Kamille\Documents\*.tmp -> 
     2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
     1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     NTUSER.DAT -> C:\Users\Kamille\NTUSER.DAT -> [2010/04/11 21:20:50 | 004,194,304 | -HS- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/11 21:13:28 | 000,003,456 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/11 21:13:28 | 000,003,456 | -H-- | M] ()
     Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/04/11 20:20:01 | 000,017,595 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/11 20:18:28 | 000,067,584 | --S- | M] ()
     Model Photographic Release Kamille.doc -> C:\Users\Kamille\Documents\Model Photographic Release Kamille.doc -> [2010/04/11 16:54:23 | 000,025,600 | ---- | M] ()
     HiJackThis.lnk -> C:\Users\Kamille\Desktop\HiJackThis.lnk -> [2010/04/11 16:37:19 | 000,002,521 | ---- | M] ()
     SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/04/11 15:30:58 | 000,095,024 | ---- | M] (Sunbelt Software)
     lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/04/11 15:30:55 | 000,015,880 | ---- | M] ()
     Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2010/04/11 15:26:21 | 000,001,013 | ---- | M] ()
     SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/11 15:13:31 | 000,000,006 | -H-- | M] ()
     IconCache.db -> C:\Users\Kamille\AppData\Local\IconCache.db -> [2010/04/11 14:30:28 | 002,662,939 | -H-- | M] ()
     perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/04/11 14:30:14 | 000,618,410 | ---- | M] ()
     perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/04/11 14:30:14 | 000,103,818 | ---- | M] ()
     PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/04/11 14:30:13 | 000,716,948 | ---- | M] ()
     SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/09 11:10:03 | 000,000,908 | ---- | M] ()
     8s32 -> C:\Users\Kamille\AppData\Local\8s32 -> [2010/04/04 00:37:27 | 000,007,792 | -HS- | M] ()
     8s32 -> C:\ProgramData\8s32 -> [2010/04/04 00:37:27 | 000,007,792 | -HS- | M] ()
     d3d9caps.dat -> C:\Users\Kamille\AppData\Local\d3d9caps.dat -> [2010/04/03 17:49:24 | 000,001,356 | ---- | M] ()
     ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/04/03 17:27:14 | 000,000,258 | RHS- | M] ()
     Adobe Acrobat Speed Launcher.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2010/04/03 17:19:28 | 000,002,473 | ---- | M] ()
     LK2mfPE2j -> C:\Users\Kamille\AppData\Local\LK2mfPE2j -> [2010/04/03 16:45:19 | 000,004,238 | -HS- | M] ()
     LK2mfPE2j -> C:\ProgramData\LK2mfPE2j -> [2010/04/03 16:45:19 | 000,004,238 | -HS- | M] ()
     2927340765.dll -> C:\Users\Kamille\AppData\Local\2927340765.dll -> [2010/04/03 16:44:20 | 000,184,320 | -HS- | M] ()
     BookCoverPro.lnk -> C:\Users\Public\Desktop\BookCoverPro.lnk -> [2010/04/03 12:40:51 | 000,000,999 | ---- | M] ()
     0S70 -> C:\ProgramData\0S70 -> [2010/04/02 02:25:48 | 000,009,328 | -HS- | M] ()
     0S70 -> C:\Users\Kamille\AppData\Local\0S70 -> [2010/04/02 02:25:47 | 000,009,328 | -HS- | M] ()
     1632078083.dll -> C:\Users\Kamille\AppData\Local\1632078083.dll -> [2010/04/01 14:39:29 | 000,183,296 | -HS- | M] ()
     J7Qo -> C:\Users\Kamille\AppData\Local\J7Qo -> [2010/04/01 08:08:49 | 000,009,686 | -HS- | M] ()
     J7Qo -> C:\ProgramData\J7Qo -> [2010/04/01 08:08:49 | 000,009,686 | -HS- | M] ()
     McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2010/04/01 01:00:19 | 000,000,322 | ---- | M] ()
     mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
     Microsoft Office Word 2003.lnk -> C:\Users\Kamille\Desktop\Microsoft Office Word 2003.lnk -> [2010/03/29 10:35:00 | 000,002,609 | ---- | M] ()
     romeessayrevised.doc -> C:\Users\Kamille\Documents\romeessayrevised.doc -> [2010/03/24 17:20:55 | 000,025,600 | ---- | M] ()
     rome essay.doc -> C:\Users\Kamille\Documents\rome essay.doc -> [2010/03/24 14:09:45 | 000,027,648 | ---- | M] ()
     rome2.doc -> C:\Users\Kamille\Documents\rome2.doc -> [2010/03/23 13:08:44 | 000,026,112 | ---- | M] ()
     MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/03/19 23:38:56 | 125,094,915 | ---- | M] ()
     tylerKF.jpg -> C:\Users\Kamille\Documents\tylerKF.jpg -> [2010/03/17 13:37:08 | 000,189,492 | ---- | M] ()
     hpoins18.dat -> C:\Windows\hpoins18.dat -> [2010/03/15 22:05:55 | 000,130,860 | ---- | M] ()
     win.ini -> C:\Windows\win.ini -> [2010/03/15 14:27:06 | 000,000,275 | ---- | M] ()
     homework.xls -> C:\Users\Kamille\Documents\homework.xls -> [2010/03/14 20:31:19 | 000,024,576 | ---- | M] ()
     SmJH0PiNoUR -> C:\Users\Kamille\AppData\Local\SmJH0PiNoUR -> [2010/03/13 23:56:48 | 000,009,278 | -HS- | M] ()
     5 C:\Users\Kamille\Documents\*.tmp files -> C:\Users\Kamille\Documents\*.tmp -> 
     40 C:\Users\Kamille\AppData\Local\Temp\*.tmp files -> C:\Users\Kamille\AppData\Local\Temp\*.tmp -> 
     2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
     1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 
     
    [Files - No Company Name]
     Model Photographic Release Kamille.doc -> C:\Users\Kamille\Documents\Model Photographic Release Kamille.doc -> [2010/04/11 16:54:23 | 000,025,600 | ---- | C] ()
     HiJackThis.lnk -> C:\Users\Kamille\Desktop\HiJackThis.lnk -> [2010/04/11 16:32:54 | 000,002,521 | ---- | C] ()
     lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/04/11 15:47:36 | 000,015,880 | ---- | C] ()
     Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2010/04/11 15:26:21 | 000,001,013 | ---- | C] ()
     SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/09 11:10:03 | 000,000,908 | ---- | C] ()
     8s32 -> C:\Users\Kamille\AppData\Local\8s32 -> [2010/04/03 23:36:52 | 000,007,792 | -HS- | C] ()
     8s32 -> C:\ProgramData\8s32 -> [2010/04/03 23:36:52 | 000,007,792 | -HS- | C] ()
     ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/04/03 17:27:14 | 000,000,258 | RHS- | C] ()
     BookCoverPro.lnk -> C:\Users\Public\Desktop\BookCoverPro.lnk -> [2010/04/03 12:40:51 | 000,000,999 | ---- | C] ()
     2927340765.dll -> C:\Users\Kamille\AppData\Local\2927340765.dll -> [2010/04/02 20:10:45 | 000,184,320 | -HS- | C] ()
     LK2mfPE2j -> C:\Users\Kamille\AppData\Local\LK2mfPE2j -> [2010/04/02 19:57:57 | 000,004,238 | -HS- | C] ()
     LK2mfPE2j -> C:\ProgramData\LK2mfPE2j -> [2010/04/02 19:57:57 | 000,004,238 | -HS- | C] ()
     1632078083.dll -> C:\Users\Kamille\AppData\Local\1632078083.dll -> [2010/04/01 14:39:29 | 000,183,296 | -HS- | C] ()
     0S70 -> C:\Users\Kamille\AppData\Local\0S70 -> [2010/04/01 14:38:46 | 000,009,328 | -HS- | C] ()
     0S70 -> C:\ProgramData\0S70 -> [2010/04/01 14:38:46 | 000,009,328 | -HS- | C] ()
     J7Qo -> C:\Users\Kamille\AppData\Local\J7Qo -> [2010/03/30 14:27:50 | 000,009,686 | -HS- | C] ()
     J7Qo -> C:\ProgramData\J7Qo -> [2010/03/30 14:27:50 | 000,009,686 | -HS- | C] ()
     romeessayrevised.doc -> C:\Users\Kamille\Documents\romeessayrevised.doc -> [2010/03/24 15:11:19 | 000,025,600 | ---- | C] ()
     rome2.doc -> C:\Users\Kamille\Documents\rome2.doc -> [2010/03/23 13:08:44 | 000,026,112 | ---- | C] ()
     rome essay.doc -> C:\Users\Kamille\Documents\rome essay.doc -> [2010/03/18 17:05:21 | 000,027,648 | ---- | C] ()
     tylerKF.jpg -> C:\Users\Kamille\Documents\tylerKF.jpg -> [2010/03/17 13:37:05 | 000,189,492 | ---- | C] ()
     homework.xls -> C:\Users\Kamille\Documents\homework.xls -> [2010/03/14 20:31:19 | 000,024,576 | ---- | C] ()
     SmJH0PiNoUR -> C:\Users\Kamille\AppData\Local\SmJH0PiNoUR -> [2010/03/13 23:45:07 | 000,009,278 | -HS- | C] ()
     nvRegDev.dll -> C:\Windows\System32\nvRegDev.dll -> [2009/12/26 03:50:41 | 000,151,552 | ---- | C] ()
     BlendSettings.ini -> C:\Windows\BlendSettings.ini -> [2009/08/13 20:47:29 | 000,000,023 | ---- | C] ()
     sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2009/08/10 15:23:44 | 000,721,904 | ---- | C] ()
     NPSWF32.dll -> C:\Windows\System32\NPSWF32.dll -> [2008/05/07 01:38:36 | 002,463,976 | ---- | C] ()
     ODBC.INI -> C:\Windows\ODBC.INI -> [2008/05/07 01:16:53 | 000,000,376 | ---- | C] ()
     igfxCoIn_v1277.dll -> C:\Windows\System32\igfxCoIn_v1277.dll -> [2007/08/03 03:24:18 | 000,204,800 | ---- | C] ()
     pythoncom25.dll -> C:\Windows\System32\pythoncom25.dll -> [2007/08/03 03:16:04 | 000,327,680 | ---- | C] ()
     pywintypes25.dll -> C:\Windows\System32\pywintypes25.dll -> [2007/08/03 03:16:04 | 000,102,400 | ---- | C] ()
     CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/12/14 02:01:36 | 000,520,192 | ---- | C] ()
     CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/12/14 02:01:36 | 000,204,800 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 08:37:35 | 000,030,808 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,029,779 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,026,489 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 08:37:35 | 000,026,040 | ---- | C] ()
     sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 000,005,632 | ---- | C] ()
     atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 000,159,744 | ---- | C] ()
     pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] ()
     OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 11:05:08 | 000,002,695 | ---- | C] ()
     
    [File - Lop Check]
     acccore -> C:\Users\Kamille\AppData\Roaming\acccore -> [2007/07/10 10:27:48 | 000,000,000 | ---D | M]
     BookCoverPro -> C:\Users\Kamille\AppData\Roaming\BookCoverPro -> [2010/04/03 12:41:33 | 000,000,000 | ---D | M]
     FOG Downloader -> C:\Users\Kamille\AppData\Roaming\FOG Downloader -> [2009/09/19 00:18:56 | 000,000,000 | ---D | M]
     Image Zone Express -> C:\Users\Kamille\AppData\Roaming\Image Zone Express -> [2010/02/09 20:36:21 | 000,000,000 | ---D | M]
     InfraRecorder -> C:\Users\Kamille\AppData\Roaming\InfraRecorder -> [2008/06/05 20:12:21 | 000,000,000 | ---D | M]
     LimeWire -> C:\Users\Kamille\AppData\Roaming\LimeWire -> [2009/10/06 22:32:23 | 000,000,000 | ---D | M]
     McGraw-HillLicensing -> C:\Users\Kamille\AppData\Roaming\McGraw-HillLicensing -> [2010/01/28 21:47:28 | 000,000,000 | ---D | M]
     Printer Info Cache -> C:\Users\Kamille\AppData\Roaming\Printer Info Cache -> [2007/06/12 22:54:24 | 000,000,000 | ---D | M]
     TSRWorkshop -> C:\Users\Kamille\AppData\Roaming\TSRWorkshop -> [2009/12/26 03:18:40 | 000,000,000 | ---D | M]
     uTorrent -> C:\Users\Kamille\AppData\Roaming\uTorrent -> [2010/02/26 04:01:05 | 000,000,000 | ---D | M]
     McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2010/02/16 17:27:04 | 000,000,344 | ---- | M] ()
     McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2010/04/01 01:00:19 | 000,000,322 | ---- | M] ()
     SCHEDLGU.TXT -> C:\WINDOWS\Tasks\SCHEDLGU.TXT -> [2010/04/11 14:41:26 | 000,032,590 | ---- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.exe >
    < MD5 Scans Start>
    < %systemdrive%\AGP440.SYS  /md5 /s >
     AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
     AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\WINDOWS\System32\drivers\AGP440.sys -> [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
     AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\AHCIX86S.SYS  /md5 /s >
     ahcix86s.sys : MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -> C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys -> [2007/12/19 17:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.)
     ahcix86s.sys : MD5=67740F91B47434CC6173A35667A4BA66 -> C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys -> [2006/12/28 19:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.)
    < %systemdrive%\ATAPI.SYS  /md5 /s >
     atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\System32\drivers\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2008/05/07 09:10:02 | 000,021,560 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\CNGAUDIT.DLL  /md5 /s >
     cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\WINDOWS\System32\cngaudit.dll -> [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
     cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\IASTORV.SYS  /md5 /s >
     iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
     iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\WINDOWS\System32\drivers\iaStorV.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
     iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
    < %systemdrive%\NETLOGON.DLL  /md5 /s >
     netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\WINDOWS\System32\netlogon.dll -> [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\NVSTOR.SYS  /md5 /s >
     nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\WINDOWS\System32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
     nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
     nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
    < %systemdrive%\SCECLI.DLL  /md5 /s >
     scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\WINDOWS\System32\scecli.dll -> [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
    < MD5 Scans End>
    < %systemroot%\*. /mp /s >
    OTS cannot create restorepoints on Vista OSs!
    < %systemroot%\system32\*.dll /lockedfiles >
     rsaenh.dll : Unable to obtain MD5  -> C:\WINDOWS\System32\rsaenh.dll -> [2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation)
     SLC.dll : Unable to obtain MD5  -> C:\WINDOWS\System32\SLC.dll -> [2008/05/07 09:04:47 | 000,223,232 | ---- | M] (Microsoft Corporation)
     2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> 
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     sptd.sys : Unable to obtain MD5  -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/08/11 06:23:23 | 000,721,904 | ---- | M] ()
     1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> 
    < %systemroot%\System32\config\*.sav >
     COMPONENTS.SAV -> C:\WINDOWS\System32\config\COMPONENTS.SAV -> [2006/11/02 06:34:05 | 000,008,192 | ---- | M] ()
     DEFAULT.SAV -> C:\WINDOWS\System32\config\DEFAULT.SAV -> [2006/11/02 06:34:05 | 000,020,480 | ---- | M] ()
     SECURITY.SAV -> C:\WINDOWS\System32\config\SECURITY.SAV -> [2006/11/02 06:34:05 | 000,008,192 | ---- | M] ()
     SOFTWARE.SAV -> C:\WINDOWS\System32\config\SOFTWARE.SAV -> [2006/11/02 06:34:08 | 010,133,504 | ---- | M] ()
     SYSTEM.SAV -> C:\WINDOWS\System32\config\SYSTEM.SAV -> [2006/11/02 06:34:08 | 001,826,816 | ---- | M] ()
     
    [HardLinks - Junction Points - Mount Points - Symbolic Links]
    capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
    < End of report >
    
     
  4. dustfae

    dustfae Thread Starter

    Thank you so much for agreeing to help me. Now I am going to do the GMER scan.
    Here is my OTS scan:

    Code:
    OTS logfile created on: 4/11/2010 9:13:06 PM - Run 1
    OTS by OldTimer - Version 3.1.28.1     Folder = C:\Users\Kamille\Downloads
    Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1,023.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.09 Gb Total Space | 19.28 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
    Drive D: | 8.69 Gb Total Space | 1.20 Gb Free Space | 13.75% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    F: Drive not present or media not loaded
    Drive G: | 74.50 Gb Total Space | 44.61 Gb Free Space | 59.87% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: KAMILLE-PC
    Current User Name: Kamille
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots(2).exe -> C:\Users\Kamille\Downloads\OTS(2).exe -> [2010/04/11 21:10:02 | 000,638,464 | ---- | M] (OldTimer Tools)
    aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/04/11 15:30:36 | 000,818,256 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/11 15:30:35 | 001,265,264 | ---- | M] (Lavasoft)
    superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com)
    mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
    mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
    mcods.exe -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
    mcvsshld.exe -> c:\Program Files\McAfee\VirusScan\mcvsshld.exe -> [2009/09/16 11:23:32 | 000,262,160 | ---- | M] (McAfee, Inc.)
    mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
    mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
    wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe -> [2009/09/10 11:29:33 | 000,168,960 | ---- | M] (Microsoft Corporation)
    ssscheduler.exe -> C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe -> [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.)
    mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
    mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
    mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    wg111v3.exe -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2008/06/13 16:26:54 | 002,498,560 | ---- | M] ()
    fnplicensingservice.exe -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/05/07 01:25:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
    hpsysdrv.exe -> C:\hp\support\hpsysdrv.exe -> [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
    osd.exe -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
    schtasks.exe -> C:\WINDOWS\System32\schtasks.exe -> [2006/11/02 05:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation)
    acrotray.exe -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.)
     
    [Modules - Safe List]
    ots(2).exe -> C:\Users\Kamille\Downloads\OTS(2).exe -> [2010/04/11 21:10:02 | 000,638,464 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/11 15:30:35 | 001,265,264 | ---- | M] (Lavasoft)
    (MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
    (McODS) McAfee Scanner [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
    (McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
    (McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
    (mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
    (McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
    (McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/05/07 01:25:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
    (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/08/03 03:58:33 | 000,265,912 | ---- | M] (Microsoft Corporation)
    (Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated)
     
    [Driver Services - Safe List]
    (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB)
    (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
    (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
    (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
    (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
    (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
    (sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2009/08/11 06:23:23 | 000,721,904 | ---- | M] ()
    (MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.)
    (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSXHWBS2.sys -> [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSX_CNXT.sys -> [2008/05/08 06:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.)
    (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\HSX_DP.sys -> [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
    (R300) R300 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\atikmdag.sys -> [2008/03/29 02:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.)
    (atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\atikmdag.sys -> [2008/03/29 02:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.)
    (RTL8187B) NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\wg111v3.sys -> [2007/12/28 15:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc.                           )
    (XAudio) XAudio [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
    (RtlProt) Realtke RtlProt WLAN Utility Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\RtlProt.sys -> [2007/04/23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
    (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\Rtlh86.sys -> [2007/03/05 17:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            )
    (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
    (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
    (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex)
    (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
    (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
    (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
    (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
    (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
    (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
    (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
    (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
    (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
    (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
    (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
    (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
    (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
    (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
    (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic)
    (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
    (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
    (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
    (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic)
    (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic)
    (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic)
    (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic)
    (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
    (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic)
    (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
    (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
    (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
    (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
    (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
    (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
    (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
    (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
    (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
    (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
    (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
    (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\E1G60I32.sys -> [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
    (UPATC) USBAT Controller Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\upatc.sys -> [2001/11/13 04:25:00 | 000,077,888 | ---- | M] (SCM Microsystems Inc.)
     
    [Registry - All]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page" -> www.google.com -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> D9 95 E8 9C 13 51 CA 01  [binary data] -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\System32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 02:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\: "ProxyEnable" -> 1 -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\Kamille\AppData\Roaming\Mozilla\FireFox\Profiles\mptde1l3.default\prefs.js -> 
    extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 ->
    extensions.enabledItems -> 6 ->
    extensions.enabledItems -> 2 ->
    extensions.enabledItems -> 48 ->
    extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/06 03:00:54 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\Kamille\AppData\Roaming\Mozilla\Extensions -> [2009/02/03 18:19:24 | 000,000,000 | ---D | M]
    No name found   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/02/03 18:19:24 | 000,000,000 | ---D | M]
      -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions -> [2010/04/11 00:50:40 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/07 17:36:06 | 000,000,000 | ---D | M]
    Adobe DLM (powered by getPlus(R))   -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/10/02 18:02:23 | 000,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     winamp-search.xml -> C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\mptde1l3.default\searchplugins\winamp-search.xml -> [2007/06/12 01:08:04 | 000,001,196 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2008/05/07 15:50:05 | 000,000,000 | ---D | M]
    Default   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/04/09 16:23:21 | 000,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2009/02/03 18:19:12 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/02/20 13:52:15 | 000,000,743 | ---- | M] - 19 lines) -> C:\WINDOWS\System32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1     localhost
    ::1     localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> [2007/04/07 05:56:44 | 000,501,400 | ---- | M] (Sun Microsystems, Inc.)
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/10/22 23:20:26 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "" ->  [] -> File not found
    "Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.)
    "Adobe_ID0EYTHM" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> [2007/03/20 16:40:44 | 001,884,160 | ---- | M] (Adobe Systems Incorporated)
    "HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> File not found
    "HP Health Check Scheduler" -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2007/05/24 16:13:16 | 000,071,176 | ---- | M] (Hewlett-Packard)
    "HP Software Update" -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/12/10 21:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.)
    "hpsysdrv" -> c:\hp\support\hpsysdrv.exe [c:\hp\support\hpsysdrv.exe] -> [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
    "IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> File not found
    "Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)
    "mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
    "OsdMaestro" -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe ["C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"] -> [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
    "Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> File not found
    "StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [2008/01/21 12:17:18 | 000,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
    "SunJavaUpdateReg" -> C:\Windows\System32\jureg.exe ["C:\Windows\system32\jureg.exe"] -> [2007/04/07 05:56:47 | 000,054,936 | ---- | M] (Sun Microsystems, Inc.)
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/05/07 09:01:37 | 001,232,896 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 002,159,104 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/05/07 09:01:37 | 001,232,896 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 002,159,104 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Aim6" ->  [] -> File not found
    "EA Core" -> C:\Program Files\Electronic Arts\EADM\Core.exe ["C:\Program Files\Electronic Arts\EADM\Core.exe" -silent] -> File not found
    "SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
    "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com)
    "WMPNSCFG" -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/11/02 08:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation)
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [1] -> File not found
    \\"EnableInstallerDetection" ->  [1] -> File not found
    \\"EnableLUA" ->  [1] -> File not found
    \\"EnableSecureUIAPaths" ->  [1] -> File not found
    \\"EnableVirtualization" ->  [1] -> File not found
    \\"PromptOnSecureDesktop" ->  [1] -> File not found
    \\"ValidateAdminCodeSignatures" ->  [0] -> File not found
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"scforceoption" ->  [0] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"FilterAdministratorToken" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Menu: Sun Java Console] -> [2007/04/07 05:56:44 | 000,501,400 | ---- | M] (Sun Microsystems, Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 18:57:08 | 000,040,512 | ---- | M] (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
    Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
    Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {09BBFB6E-FF15-4A8A-88A4-3BF990DEAB2E}\\DhcpNameServer -> 192.168.1.1   (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter) -> 
    {DC20AA77-DE12-402A-930A-794FF61ECAA1}\\DhcpNameServer -> 204.186.110.76 216.144.187.37 216.144.187.199   (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\WINDOWS\System32\userinit.exe -> [2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    rundll32 shell32 -> C:\Windows\System32\shell32.dll -> [2008/11/06 08:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
    Control_RunDLL "sysdm.cpl" -> C:\Windows\System32\sysdm.cpl -> [2006/11/02 05:44:42 | 000,238,080 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
    igfxcui ->  -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\System32\webcheck.dll [WebCheck] -> [2009/03/08 07:34:47 | 000,236,544 | ---- | M] (Microsoft Corporation)
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\System32\browseui.dll [Component Categories cache daemon] -> [2006/11/02 05:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    credssp.dll -> C:\Windows\System32\credssp.dll -> [2006/11/02 05:46:03 | 000,015,360 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\Windows\System32\msv1_0.dll -> [2009/09/10 13:38:29 | 000,216,576 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\Windows\System32\kerberos.dll -> [2009/06/15 11:23:19 | 000,494,592 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\Windows\System32\msv1_0.dll -> [2009/09/10 13:38:29 | 000,216,576 | ---- | M] (Microsoft Corporation)
    schannel -> C:\Windows\System32\schannel.dll -> [2009/06/15 11:28:56 | 000,272,384 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\Windows\System32\wdigest.dll -> [2009/06/15 11:29:40 | 000,175,104 | ---- | M] (Microsoft Corporation)
    tspkg -> C:\Windows\System32\tspkg.dll -> [2006/11/02 05:46:13 | 000,061,440 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 08:35:12 | 000,952,088 | ---- | M] (EarthLink, Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/08/03 03:50:20 | 000,000,074 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \{624103c7-86db-11de-944d-001bb9a41eca}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624103c7-86db-11de-944d-001bb9a41eca}\shell
    \{624103c7-86db-11de-944d-001bb9a41eca}\shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624103c7-86db-11de-944d-001bb9a41eca}\shell\AutoRun\command
    \{624103c7-86db-11de-944d-001bb9a41eca}\shell\AutoRun\command\\"" -> J:\setup.exe [J:\setup.exe] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Classes\<extension>\ -> 
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
     
    [Registry - Additional Scans - Safe List]
    < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
    WallPaper -> C:\Users\Kamille\Desktop\WALLPAPER copy.jpg -> 
    BackupWallPaper -> C:\Users\Kamille\Desktop\WALLPAPER copy.jpg -> 
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "services" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    FastUserSwitchingCompatibility ->  -> File not found
    Ias -> C:\WINDOWS\System32\ias -> [2006/11/02 07:18:47 | 000,000,000 | ---D | M]
    Nla ->  -> File not found
    Ntmssvc ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    SRService ->  -> File not found
    Wmi -> C:\WINDOWS\System32\wmi.dll -> [2007/08/03 04:03:18 | 000,005,120 | ---- | M] (Microsoft Corporation)
    WmdmPmSp ->  -> File not found
    LogonHours ->  -> File not found
    PCAudit ->  -> File not found
    helpsvc ->  -> File not found
    uploadmgr ->  -> File not found
    *MultiFile Done* -> -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 05:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
    exefile [open] -> "%1" %* -> 
    hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
    htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2003/07/14 18:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
    htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2003/07/14 18:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
    inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2006/11/02 05:45:14 | 000,011,776 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 05:44:42 | 000,368,640 | ---- | M] (Microsoft Corporation)
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 05:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation)
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft)
    Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3
    {02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update
    {04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3
    {0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
    {08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting
    {08CA9554-B5FE-4313-938F-D4A417B81175} -> QuickTime
    {09E2111C-16B1-4DDF-BF0D-F994C9A12350} -> Adobe Setup
    {0A2C5854-557E-48C8-835A-3B9F074BDCAA} -> Python 2.5
    {0A47BAFF-D4FF-4BD3-96CA-02A22EA62722} -> HP Active Support Library
    {0D2E9DCB-9938-475E-B4DD-8851738852FF} -> AIO_Scan
    {0DDA7620-4F8B-43B3-8828-CA5EE292FA3B} -> HP Total Care Advisor
    {0E20BC97-0C98-75D5-A95C-1BA122FA16D0} -> ccc-core-static
    {14AF024E-2E3B-49D0-A175-D1C1A06B155A} -> muvee autoProducer 6.0
    {16D919E6-F019-4E15-BFBE-4A85EF19DA57} -> Oblivion - Spell Tomes
    {1746EA69-DCB6-4408-B5A5-E75F55439CDF} -> Scan
    {179C56A4-F57F-4561-8BBF-F911D26EB435} -> WebReg
    {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin
    {1AE3E621-E0C0-4aa1-B10B-B3E353A8D110} -> c3100_Help
    {1D58229F-C505-45CA-8223-F35F3A34B963} -> Adobe Version Cue CS3 Server
    {209CDA54-D390-46A2-A97C-7BF61734418D} -> WeatherBug Gadget
    {23F79416-CAD1-41BF-99A3-040F6C814AAA} -> NVIDIA Photoshop Plug-ins
    {254C37AA-6B72-4300-84F6-98A82419187E} -> ActiveCheck component for HP Active Support Library
    {282E5AB2-8E47-4571-B6FA-6B512555B557} -> HP Photosmart.All-In-One Driver Software 8.0 .A
    {29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3
    {2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} -> Adobe Flash Video Encoder
    {2F2E3D62-8B8C-448F-8900-451325E50948} -> Oblivion - Wizard's Tower
    {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
    {338F08AB-C262-42C7-B000-34DE1A475273} -> Ad-Aware Email Scanner for Outlook
    {35CB6715-41F8-4F99-8881-6FC75BF054B0} -> Oblivion
    {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} -> Roxio Activation Module
    {3ABEBD00-299D-4DCA-967F-B912163AB5EA} -> Oblivion - Horse Armor Pack
    {40F7AED3-0C7D-4582-99F6-484A515C73F2} -> HP Easy Setup - Frontend
    {44CD7894-4B9A-0F27-7B3A-4C36D19FBBD0} -> ccc-utility
    {44F5A980-8A6B-4aca-8D85-EFCE5D67D379} -> AIO_CDA_ProductContext
    {47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} -> Bonjour
    {49F2B650-2D7B-4F59-B33D-346F63776BD3} -> DocProc
    {51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings
    {520F4B09-3A51-47A2-82B0-9FF1DC2D20FA} -> Oblivion - Vile Lair
    {5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} -> NETGEAR WG111v3 wireless USB 2.0 adapter
    {54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3
    {5A16ED74-A6B8-EBF3-911D-F669113ED7F9} -> Catalyst Control Center Graphics Previews Vista
    {5E06C076-E4E7-4239-A886-B3D8AC84C166} -> HP Print Diagnostic Utility
    {6087F45E-358C-4173-8CB1-DE0AE26FFAE1} -> Catalyst Control Center - Branding
    {61D9BE89-079C-28F5-12E0-2E9E4EAA8808} -> Catalyst Control Center Graphics Full New
    {669D4A35-146B-4314-89F1-1AC3D7B88367} -> HPAsset component for HP Active Support Library
    {66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
    {67D3F1A0-A1F2-49b7-B9EE-011277B170CD} -> HPProductAssistant
    {6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All
    {6B52140A-F189-4945-BFFC-DB3F00B8C589} -> Adobe Flash CS3
    {6B708481-748A-4EB4-97C1-CD386244FF77} -> Adobe MotionPicture Color Files
    {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} -> AHV content for Acrobat and Flash
    {6D22289D-ED59-4F97-B636-2111EC64F5D4} -> Apple Mobile Device Support
    {6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6} -> HP Active Support Library 32 bit components
    {6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works
    {6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
    {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {73C8DECD-5948-F3DB-6B38-B7AF881647A6} -> ATI Catalyst Install Manager
    {74413F61-1FE6-4F7D-AD9F-BAFF1011A500} -> TSR Workshop
    {76333074-2472-5945-CED7-1BA2F09FC23B} -> Catalyst Control Center Graphics Full Existing
    {7879A576-810F-50F6-A919-756C23DE095F} -> CCC Help English
    {7A7DC702-DEDE-42A8-8722-B3BA724D546F} -> Fax
    {7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} -> Adobe Dreamweaver CS3
    {802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3
    {824D3839-DAA1-4315-A822-7AE3E620E528} -> VideoToolkit01
    {8389382B-53BA-4A87-8854-91E3D80A5AC7} -> HP Photosmart Essential2.01
    {84C9913A-C64B-F227-AB07-D04C7EC7E5F2} -> Catalyst Control Center Graphics Light
    {87E2B986-07E8-477a-93DC-AF0B6758B192} -> DocProcQFolder
    {8A4D41F3-3EDA-4DAC-9403-839708EA0667} -> Install(US)2
    {8C6027FD-53DC-446D-BB75-CACD7028A134} -> HP Update
    {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3
    {8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support
    {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
    {90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3
    {938B1CD7-7C60-491E-AA90-1F1888168240} -> Roxio MyDVD Basic v9
    {95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings
    {95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9} -> MarketResearch
    {978C25EE-5777-46e4-8988-732C297CBDBD} -> Status
    {9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF} -> Destinations
    {9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3
    {9DBA770F-BF73-4D39-B1DF-6035D95268FC} -> HP Customer Feedback
    {A0A20753-92DF-4631-82B4-9CACE2FCED6A} -> Oblivion - The Fighter's Stronghold
    {A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps
    {A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific
    {A36CD345-625C-4d6c-B3E2-76E1248CB451} -> SolutionCenter
    {A3B7C670-4A1E-4EE2-950E-C875BC1965D0} -> Copy
    {A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
    {AB2AB300-1A60-FB33-96E5-D92BA2879E16} -> Catalyst Control Center Core Implementation
    {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
    {AB5E289E-76BF-4251-9F3F-9B763F681AE0} -> HP Customer Experience Enhancements
    {AB61E316-F10B-43eb-B47F-42095835F9CC} -> C3100
    {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings
    {AC76BA86-1033-0000-7760-000000000003} -> Adobe Acrobat 8 Professional
    {AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
    {AF1C9345-B53D-4110-BFBF-A0DD83AEAB83} -> AIO_CDA_Software
    {B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9} -> iTunes
    {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0
    {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
    {B671CBFD-4109-4D35-9252-3062D3CCB7B2} -> Adobe SING CS3
    {B6ADA0E4-9451-43EB-B86E-878AD9E68D4F} -> LightScribe  1.6.45.1
    {B7F560B3-6EFF-4026-A982-843895A41149} -> Adobe BridgeTalk Plugin CS3
    {B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3
    {BE5F3842-8309-4754-92D5-83E02E6077A3} -> Adobe Extension Manager CS3
    {BE77A81F-B315-4666-9BF3-AE70C0ADB057} -> BufferChm
    {C05D8CDB-417D-4335-A38C-A0659EDFD6B8} -> The Sims™ 3
    {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} -> Adobe ExtendScript Toolkit 2
    {C5BD220A-EFE8-48A5-B70E-9503D535FACE} -> Adobe WAS CS3
    {C716522C-3731-4667-8579-40B098294500} -> Toolbox
    {CB3F8375-B600-4B9F-83C9-238ED1E583FD} -> Adobe InDesign CS3
    {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client
    {D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF} -> Adobe Creative Suite 3 Design Premium
    {D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files
    {D5395E5F-4D45-4665-8F00-234FA33678AF} -> SlimDX Redistributable (March 2009)
    {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} -> Adobe Color Common Settings
    {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings
    {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
    {E06F04B9-45E6-4AC0-8083-85F7515F40F7} -> UnloadSupport
    {E0E1C638-ABF4-CE43-B4EC-61FD2FDDAD06} -> Catalyst Control Center HydraVision Full
    {E2D757D9-369A-C2B2-B58E-3878FDDBA7F8} -> Catalyst Control Center Graphics Previews Common
    {E3E71D07-CD27-46CB-8448-16D4FB29AA13} -> Microsoft WSE 3.0 Runtime
    {E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3
    {EA7B3CC4-366D-4CF6-8350-FD7A7034116E} -> Adobe InDesign CS3 Icon Handler
    {EB21A812-671B-4D08-B974-2A347F0D8F70} -> HP Photosmart Essential
    {EB75DE50-5754-4F6F-875D-126EDF8E4CB3} -> HPSSupply
    {EC425CFC-EE78-4A91-AA25-3BFA65B75364} -> Oblivion - Orrery
    {EF295F5C-7B57-47AA-8889-6B3E8E214E89} -> Oblivion - Mehrunes Razor
    {F08E8D2E-F132-4742-9C87-D5FF223A016A} -> Adobe Illustrator CS3
    {F1357B2E-CECE-83C7-93F3-C13DDB811D4B} -> Skins
    {F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} -> 32 Bit HP CIO Components Installer
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F72E2DDC-3DB8-4190-A21D-63883D955FE7} -> PSSWCORE
    {FF075778-6E50-47ed-991D-3B07FD4E3250} -> TrayApp
    {FFFFFD17-B460-41EB-93F1-C48ABAD63828} -> Oblivion - Thieves Den
    Ad-Aware -> Ad-Aware
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
    Adobe_c14ac4070fd9614ffe63f4bb533db2c -> Add or Remove Adobe Creative Suite 3 Design Premium
    AIM_6 -> AIM 6
    ASIO4ALL -> ASIO4ALL
    BookCoverPro -> BookCoverPro (remove only)
    CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 -> Soft Data Fax Modem with SmartCP
    ComcastHSI -> Comcast High-Speed Internet Install Wizard
    HP Imaging Device Functions -> HP Imaging Device Functions 8.0
    HP Photosmart Essential -> HP Photosmart Essential 2.01
    HP Solution Center & Imaging Support Tools -> HP Solution Center 8.0
    HPExtendedCapabilities -> HP Customer Participation Program 8.0
    HPOCR -> HP OCR Software 8.0
    InfraRecorder -> InfraRecorder
    InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} -> NETGEAR WG111v3 wireless USB 2.0 adapter
    LimeWire -> LimeWire 4.18.2
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    McAfee Security Scan -> McAfee Security Scan
    MegaStat Installer -> MegaStat Installer
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
    MSC -> McAfee SecurityCenter
    Network Play System (Patching) -> Network Play System (Patching)
    OsdMaestro -> HP On-Screen Cap/Num/Scroll Lock Indicator
    Picasa 3 -> Picasa 3
    TightVNC_is1 -> TightVNC 1.3.10
    TS3 Install Helper Monkey -> TS3 Install Helper Monkey
    WildTangent hp Master Uninstall -> My HP Games
    Winamp -> Winamp
    WinRAR archiver -> WinRAR archiver
    < Uninstall List [HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\] > -> HKEY_USERS\S-1-5-21-2737271846-3626345652-3814861257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    uTorrent -> µTorrent
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/11/2010 2:40:56 PM Computer Name = Kamille-PC | Source = Application Error | ID = 1000 -> Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x08cccf98,  process id 0x408, application start time 0x01cad9a58694103e.
    Application [ Error ] 4/11/2010 3:14:54 PM Computer Name = Kamille-PC | Source = WerSvc | ID = 5007 -> Description = 
    Application [ Error ] 4/11/2010 3:28:06 PM Computer Name = Kamille-PC | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = 
    Application [ Error ] 4/11/2010 3:42:21 PM Computer Name = Kamille-PC | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.    The process will be terminated.  Thread id : 3696 (0xe70)    Thread address : 0x778B0F34    Thread message :      Build VSCORE.14.0.0.435 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Users\Kamille\Desktop\Downloaded Programs\58b9c71da2f2ae696e7a235cd9b7ee14.exe   by C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
    Application [ Error ] 4/11/2010 4:32:39 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:43 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:44 PM Computer Name = Kamille-PC | Source = System Restore | ID = 8193 -> Description = 
    Application [ Error ] 4/11/2010 4:32:49 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:49 PM Computer Name = Kamille-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 -> Description = 
    Application [ Error ] 4/11/2010 4:32:50 PM Computer Name = Kamille-PC | Source = System Restore | ID = 8193 -> Description = 
    System [ Error ] 4/11/2010 3:13:15 PM Computer Name = Kamille-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 3:11:36 PM on 4/11/2010 was unexpected.
    System [ Error ] 4/11/2010 3:17:07 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7009 -> Description = 
    System [ Error ] 4/11/2010 3:17:07 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7000 -> Description = 
    System [ Error ] 4/11/2010 3:19:41 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7022 -> Description = 
    System [ Error ] 4/11/2010 3:28:06 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7030 -> Description = 
    System [ Error ] 4/11/2010 3:42:23 PM Computer Name = Kamille-PC | Source = Service Control Manager | ID = 7031 -> Description = 
    System [ Error ] 4/11/2010 4:32:45 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
    System [ Error ] 4/11/2010 8:18:26 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
    System [ Error ] 4/11/2010 8:19:21 PM Computer Name = Kamille-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.11 for the Network Card with network address 00223FFF5927 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    System [ Error ] 4/11/2010 9:10:54 PM Computer Name = Kamille-PC | Source = atikmdag | ID = 45062 -> Description = CRT invalid display type
     
    [Files/Folders - Created Within 30 Days]
     TrendMicro -> C:\Program Files\TrendMicro -> [2010/04/11 16:32:51 | 000,000,000 | ---D | C]
     Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2010/04/11 15:31:27 | 000,064,288 | ---- | C] (Lavasoft AB)
     DRVSTORE -> C:\Windows\System32\DRVSTORE -> [2010/04/11 15:31:26 | 000,000,000 | ---D | C]
     SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/04/11 15:31:08 | 000,095,024 | ---- | C] (Sunbelt Software)
     {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/04/11 15:26:24 | 000,000,000 | -H-D | C]
     Lavasoft -> C:\Program Files\Lavasoft -> [2010/04/11 15:25:14 | 000,000,000 | ---D | C]
     Lavasoft -> C:\ProgramData\Lavasoft -> [2010/04/11 15:25:13 | 000,000,000 | ---D | C]
     TightVNC -> C:\Program Files\TightVNC -> [2010/04/10 23:19:03 | 000,000,000 | ---D | C]
     SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/04/09 11:20:09 | 000,000,000 | ---D | C]
     SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/04/09 11:09:53 | 000,000,000 | ---D | C]
     SUPERAntiSpyware.com -> C:\Users\Kamille\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/09 11:09:52 | 000,000,000 | ---D | C]
     Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2010/04/09 11:08:46 | 000,000,000 | ---D | C]
     BookCoverPro -> C:\Users\Kamille\AppData\Roaming\BookCoverPro -> [2010/04/03 12:41:13 | 000,000,000 | ---D | C]
     PlanetIcon -> C:\Program Files\PlanetIcon -> [2010/04/03 12:40:47 | 000,000,000 | ---D | C]
     msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/03/31 23:39:16 | 000,594,432 | ---- | C] (Microsoft Corporation)
     mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/03/31 23:39:14 | 000,611,840 | ---- | C] (Microsoft Corporation)
     iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/03/31 23:39:14 | 000,387,584 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/03/31 23:39:13 | 001,469,440 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/03/31 23:39:13 | 000,164,352 | ---- | C] (Microsoft Corporation)
     iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/03/31 23:39:12 | 000,184,320 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/03/31 23:39:12 | 000,133,632 | ---- | C] (Microsoft Corporation)
     iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/03/31 23:39:11 | 000,109,056 | ---- | C] (Microsoft Corporation)
     msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/03/31 23:39:11 | 000,055,296 | ---- | C] (Microsoft Corporation)
     jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/03/31 23:39:11 | 000,025,600 | ---- | C] (Microsoft Corporation)
     ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/03/31 23:39:09 | 000,173,056 | ---- | C] (Microsoft Corporation)
     msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/03/31 23:39:09 | 000,013,312 | ---- | C] (Microsoft Corporation)
     mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/03/31 23:39:08 | 001,638,912 | ---- | C] (Microsoft Corporation)
     iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/03/31 23:39:08 | 000,071,680 | ---- | C] (Microsoft Corporation)
     iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/03/31 23:39:08 | 000,055,808 | ---- | C] (Microsoft Corporation)
     5 C:\Users\Kamille\Documents\*.tmp files -> C:\Users\Kamille\Documents\*.tmp -> 
     2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
     1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     NTUSER.DAT -> C:\Users\Kamille\NTUSER.DAT -> [2010/04/11 21:20:50 | 004,194,304 | -HS- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/11 21:13:28 | 000,003,456 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/11 21:13:28 | 000,003,456 | -H-- | M] ()
     Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/04/11 20:20:01 | 000,017,595 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/11 20:18:28 | 000,067,584 | --S- | M] ()
     Model Photographic Release Kamille.doc -> C:\Users\Kamille\Documents\Model Photographic Release Kamille.doc -> [2010/04/11 16:54:23 | 000,025,600 | ---- | M] ()
     HiJackThis.lnk -> C:\Users\Kamille\Desktop\HiJackThis.lnk -> [2010/04/11 16:37:19 | 000,002,521 | ---- | M] ()
     SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/04/11 15:30:58 | 000,095,024 | ---- | M] (Sunbelt Software)
     lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/04/11 15:30:55 | 000,015,880 | ---- | M] ()
     Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2010/04/11 15:26:21 | 000,001,013 | ---- | M] ()
     SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/11 15:13:31 | 000,000,006 | -H-- | M] ()
     IconCache.db -> C:\Users\Kamille\AppData\Local\IconCache.db -> [2010/04/11 14:30:28 | 002,662,939 | -H-- | M] ()
     perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/04/11 14:30:14 | 000,618,410 | ---- | M] ()
     perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/04/11 14:30:14 | 000,103,818 | ---- | M] ()
     PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/04/11 14:30:13 | 000,716,948 | ---- | M] ()
     SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/09 11:10:03 | 000,000,908 | ---- | M] ()
     8s32 -> C:\Users\Kamille\AppData\Local\8s32 -> [2010/04/04 00:37:27 | 000,007,792 | -HS- | M] ()
     8s32 -> C:\ProgramData\8s32 -> [2010/04/04 00:37:27 | 000,007,792 | -HS- | M] ()
     d3d9caps.dat -> C:\Users\Kamille\AppData\Local\d3d9caps.dat -> [2010/04/03 17:49:24 | 000,001,356 | ---- | M] ()
     ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/04/03 17:27:14 | 000,000,258 | RHS- | M] ()
     Adobe Acrobat Speed Launcher.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2010/04/03 17:19:28 | 000,002,473 | ---- | M] ()
     LK2mfPE2j -> C:\Users\Kamille\AppData\Local\LK2mfPE2j -> [2010/04/03 16:45:19 | 000,004,238 | -HS- | M] ()
     LK2mfPE2j -> C:\ProgramData\LK2mfPE2j -> [2010/04/03 16:45:19 | 000,004,238 | -HS- | M] ()
     2927340765.dll -> C:\Users\Kamille\AppData\Local\2927340765.dll -> [2010/04/03 16:44:20 | 000,184,320 | -HS- | M] ()
     BookCoverPro.lnk -> C:\Users\Public\Desktop\BookCoverPro.lnk -> [2010/04/03 12:40:51 | 000,000,999 | ---- | M] ()
     0S70 -> C:\ProgramData\0S70 -> [2010/04/02 02:25:48 | 000,009,328 | -HS- | M] ()
     0S70 -> C:\Users\Kamille\AppData\Local\0S70 -> [2010/04/02 02:25:47 | 000,009,328 | -HS- | M] ()
     1632078083.dll -> C:\Users\Kamille\AppData\Local\1632078083.dll -> [2010/04/01 14:39:29 | 000,183,296 | -HS- | M] ()
     J7Qo -> C:\Users\Kamille\AppData\Local\J7Qo -> [2010/04/01 08:08:49 | 000,009,686 | -HS- | M] ()
     J7Qo -> C:\ProgramData\J7Qo -> [2010/04/01 08:08:49 | 000,009,686 | -HS- | M] ()
     McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2010/04/01 01:00:19 | 000,000,322 | ---- | M] ()
     mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
     Microsoft Office Word 2003.lnk -> C:\Users\Kamille\Desktop\Microsoft Office Word 2003.lnk -> [2010/03/29 10:35:00 | 000,002,609 | ---- | M] ()
     romeessayrevised.doc -> C:\Users\Kamille\Documents\romeessayrevised.doc -> [2010/03/24 17:20:55 | 000,025,600 | ---- | M] ()
     rome essay.doc -> C:\Users\Kamille\Documents\rome essay.doc -> [2010/03/24 14:09:45 | 000,027,648 | ---- | M] ()
     rome2.doc -> C:\Users\Kamille\Documents\rome2.doc -> [2010/03/23 13:08:44 | 000,026,112 | ---- | M] ()
     MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/03/19 23:38:56 | 125,094,915 | ---- | M] ()
     tylerKF.jpg -> C:\Users\Kamille\Documents\tylerKF.jpg -> [2010/03/17 13:37:08 | 000,189,492 | ---- | M] ()
     hpoins18.dat -> C:\Windows\hpoins18.dat -> [2010/03/15 22:05:55 | 000,130,860 | ---- | M] ()
     win.ini -> C:\Windows\win.ini -> [2010/03/15 14:27:06 | 000,000,275 | ---- | M] ()
     homework.xls -> C:\Users\Kamille\Documents\homework.xls -> [2010/03/14 20:31:19 | 000,024,576 | ---- | M] ()
     SmJH0PiNoUR -> C:\Users\Kamille\AppData\Local\SmJH0PiNoUR -> [2010/03/13 23:56:48 | 000,009,278 | -HS- | M] ()
     5 C:\Users\Kamille\Documents\*.tmp files -> C:\Users\Kamille\Documents\*.tmp -> 
     40 C:\Users\Kamille\AppData\Local\Temp\*.tmp files -> C:\Users\Kamille\AppData\Local\Temp\*.tmp -> 
     2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
     1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 
     
    [Files - No Company Name]
     Model Photographic Release Kamille.doc -> C:\Users\Kamille\Documents\Model Photographic Release Kamille.doc -> [2010/04/11 16:54:23 | 000,025,600 | ---- | C] ()
     HiJackThis.lnk -> C:\Users\Kamille\Desktop\HiJackThis.lnk -> [2010/04/11 16:32:54 | 000,002,521 | ---- | C] ()
     lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/04/11 15:47:36 | 000,015,880 | ---- | C] ()
     Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2010/04/11 15:26:21 | 000,001,013 | ---- | C] ()
     SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/09 11:10:03 | 000,000,908 | ---- | C] ()
     8s32 -> C:\Users\Kamille\AppData\Local\8s32 -> [2010/04/03 23:36:52 | 000,007,792 | -HS- | C] ()
     8s32 -> C:\ProgramData\8s32 -> [2010/04/03 23:36:52 | 000,007,792 | -HS- | C] ()
     ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/04/03 17:27:14 | 000,000,258 | RHS- | C] ()
     BookCoverPro.lnk -> C:\Users\Public\Desktop\BookCoverPro.lnk -> [2010/04/03 12:40:51 | 000,000,999 | ---- | C] ()
     2927340765.dll -> C:\Users\Kamille\AppData\Local\2927340765.dll -> [2010/04/02 20:10:45 | 000,184,320 | -HS- | C] ()
     LK2mfPE2j -> C:\Users\Kamille\AppData\Local\LK2mfPE2j -> [2010/04/02 19:57:57 | 000,004,238 | -HS- | C] ()
     LK2mfPE2j -> C:\ProgramData\LK2mfPE2j -> [2010/04/02 19:57:57 | 000,004,238 | -HS- | C] ()
     1632078083.dll -> C:\Users\Kamille\AppData\Local\1632078083.dll -> [2010/04/01 14:39:29 | 000,183,296 | -HS- | C] ()
     0S70 -> C:\Users\Kamille\AppData\Local\0S70 -> [2010/04/01 14:38:46 | 000,009,328 | -HS- | C] ()
     0S70 -> C:\ProgramData\0S70 -> [2010/04/01 14:38:46 | 000,009,328 | -HS- | C] ()
     J7Qo -> C:\Users\Kamille\AppData\Local\J7Qo -> [2010/03/30 14:27:50 | 000,009,686 | -HS- | C] ()
     J7Qo -> C:\ProgramData\J7Qo -> [2010/03/30 14:27:50 | 000,009,686 | -HS- | C] ()
     romeessayrevised.doc -> C:\Users\Kamille\Documents\romeessayrevised.doc -> [2010/03/24 15:11:19 | 000,025,600 | ---- | C] ()
     rome2.doc -> C:\Users\Kamille\Documents\rome2.doc -> [2010/03/23 13:08:44 | 000,026,112 | ---- | C] ()
     rome essay.doc -> C:\Users\Kamille\Documents\rome essay.doc -> [2010/03/18 17:05:21 | 000,027,648 | ---- | C] ()
     tylerKF.jpg -> C:\Users\Kamille\Documents\tylerKF.jpg -> [2010/03/17 13:37:05 | 000,189,492 | ---- | C] ()
     homework.xls -> C:\Users\Kamille\Documents\homework.xls -> [2010/03/14 20:31:19 | 000,024,576 | ---- | C] ()
     SmJH0PiNoUR -> C:\Users\Kamille\AppData\Local\SmJH0PiNoUR -> [2010/03/13 23:45:07 | 000,009,278 | -HS- | C] ()
     nvRegDev.dll -> C:\Windows\System32\nvRegDev.dll -> [2009/12/26 03:50:41 | 000,151,552 | ---- | C] ()
     BlendSettings.ini -> C:\Windows\BlendSettings.ini -> [2009/08/13 20:47:29 | 000,000,023 | ---- | C] ()
     sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2009/08/10 15:23:44 | 000,721,904 | ---- | C] ()
     NPSWF32.dll -> C:\Windows\System32\NPSWF32.dll -> [2008/05/07 01:38:36 | 002,463,976 | ---- | C] ()
     ODBC.INI -> C:\Windows\ODBC.INI -> [2008/05/07 01:16:53 | 000,000,376 | ---- | C] ()
     igfxCoIn_v1277.dll -> C:\Windows\System32\igfxCoIn_v1277.dll -> [2007/08/03 03:24:18 | 000,204,800 | ---- | C] ()
     pythoncom25.dll -> C:\Windows\System32\pythoncom25.dll -> [2007/08/03 03:16:04 | 000,327,680 | ---- | C] ()
     pywintypes25.dll -> C:\Windows\System32\pywintypes25.dll -> [2007/08/03 03:16:04 | 000,102,400 | ---- | C] ()
     CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/12/14 02:01:36 | 000,520,192 | ---- | C] ()
     CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/12/14 02:01:36 | 000,204,800 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 08:37:35 | 000,030,808 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,029,779 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,026,489 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 08:37:35 | 000,026,040 | ---- | C] ()
     sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 000,005,632 | ---- | C] ()
     atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 000,159,744 | ---- | C] ()
     pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] ()
     OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 11:05:08 | 000,002,695 | ---- | C] ()
     
    [File - Lop Check]
     acccore -> C:\Users\Kamille\AppData\Roaming\acccore -> [2007/07/10 10:27:48 | 000,000,000 | ---D | M]
     BookCoverPro -> C:\Users\Kamille\AppData\Roaming\BookCoverPro -> [2010/04/03 12:41:33 | 000,000,000 | ---D | M]
     FOG Downloader -> C:\Users\Kamille\AppData\Roaming\FOG Downloader -> [2009/09/19 00:18:56 | 000,000,000 | ---D | M]
     Image Zone Express -> C:\Users\Kamille\AppData\Roaming\Image Zone Express -> [2010/02/09 20:36:21 | 000,000,000 | ---D | M]
     InfraRecorder -> C:\Users\Kamille\AppData\Roaming\InfraRecorder -> [2008/06/05 20:12:21 | 000,000,000 | ---D | M]
     LimeWire -> C:\Users\Kamille\AppData\Roaming\LimeWire -> [2009/10/06 22:32:23 | 000,000,000 | ---D | M]
     McGraw-HillLicensing -> C:\Users\Kamille\AppData\Roaming\McGraw-HillLicensing -> [2010/01/28 21:47:28 | 000,000,000 | ---D | M]
     Printer Info Cache -> C:\Users\Kamille\AppData\Roaming\Printer Info Cache -> [2007/06/12 22:54:24 | 000,000,000 | ---D | M]
     TSRWorkshop -> C:\Users\Kamille\AppData\Roaming\TSRWorkshop -> [2009/12/26 03:18:40 | 000,000,000 | ---D | M]
     uTorrent -> C:\Users\Kamille\AppData\Roaming\uTorrent -> [2010/02/26 04:01:05 | 000,000,000 | ---D | M]
     McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2010/02/16 17:27:04 | 000,000,344 | ---- | M] ()
     McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2010/04/01 01:00:19 | 000,000,322 | ---- | M] ()
     SCHEDLGU.TXT -> C:\WINDOWS\Tasks\SCHEDLGU.TXT -> [2010/04/11 14:41:26 | 000,032,590 | ---- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.exe >
    < MD5 Scans Start>
    < %systemdrive%\AGP440.SYS  /md5 /s >
     AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
     AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\WINDOWS\System32\drivers\AGP440.sys -> [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
     AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\AHCIX86S.SYS  /md5 /s >
     ahcix86s.sys : MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -> C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys -> [2007/12/19 17:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.)
     ahcix86s.sys : MD5=67740F91B47434CC6173A35667A4BA66 -> C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys -> [2006/12/28 19:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.)
    < %systemdrive%\ATAPI.SYS  /md5 /s >
     atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\System32\drivers\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2008/05/07 09:10:03 | 000,021,560 | ---- | M] (Microsoft Corporation)
     atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2008/05/07 09:10:02 | 000,021,560 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\CNGAUDIT.DLL  /md5 /s >
     cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\WINDOWS\System32\cngaudit.dll -> [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
     cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\IASTORV.SYS  /md5 /s >
     iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
     iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\WINDOWS\System32\drivers\iaStorV.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
     iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
    < %systemdrive%\NETLOGON.DLL  /md5 /s >
     netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\WINDOWS\System32\netlogon.dll -> [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
     netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation)
    < %systemdrive%\NVSTOR.SYS  /md5 /s >
     nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\WINDOWS\System32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
     nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
     nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
    < %systemdrive%\SCECLI.DLL  /md5 /s >
     scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\WINDOWS\System32\scecli.dll -> [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
     scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
    < MD5 Scans End>
    < %systemroot%\*. /mp /s >
    OTS cannot create restorepoints on Vista OSs!
    < %systemroot%\system32\*.dll /lockedfiles >
     rsaenh.dll : Unable to obtain MD5  -> C:\WINDOWS\System32\rsaenh.dll -> [2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation)
     SLC.dll : Unable to obtain MD5  -> C:\WINDOWS\System32\SLC.dll -> [2008/05/07 09:04:47 | 000,223,232 | ---- | M] (Microsoft Corporation)
     2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> 
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     sptd.sys : Unable to obtain MD5  -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/08/11 06:23:23 | 000,721,904 | ---- | M] ()
     1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> 
    < %systemroot%\System32\config\*.sav >
     COMPONENTS.SAV -> C:\WINDOWS\System32\config\COMPONENTS.SAV -> [2006/11/02 06:34:05 | 000,008,192 | ---- | M] ()
     DEFAULT.SAV -> C:\WINDOWS\System32\config\DEFAULT.SAV -> [2006/11/02 06:34:05 | 000,020,480 | ---- | M] ()
     SECURITY.SAV -> C:\WINDOWS\System32\config\SECURITY.SAV -> [2006/11/02 06:34:05 | 000,008,192 | ---- | M] ()
     SOFTWARE.SAV -> C:\WINDOWS\System32\config\SOFTWARE.SAV -> [2006/11/02 06:34:08 | 010,133,504 | ---- | M] ()
     SYSTEM.SAV -> C:\WINDOWS\System32\config\SYSTEM.SAV -> [2006/11/02 06:34:08 | 001,826,816 | ---- | M] ()
     
    [HardLinks - Junction Points - Mount Points - Symbolic Links]
    capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
    < End of report >
    
     
  5. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    oh dear, I tried the GMER scan, and the program loads up fine, but in the midst of scanning the first time, my computer randomly shut down and restarted. I tried a second time, and the program loaded, I hit scan, it started scanning but then I got the BLUE screen of death, and my computer shut off and restarted again. What should I do?

    I disconnected my internet and disabled all my security programs. Am I missing something?
     
  6. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    No, that just happens sometimes. Try the following scanner instead:

    Download RootRepeal from one of the following locations and save it to your desktop:
    • Double click [​IMG] to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the [​IMG] button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
      • Shadow SSDT
    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, click the [​IMG] button and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program

    If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
     
  7. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    I got an error when I double clicked to open the program. It says "FOPS-DeviceIoError! Error Code= 0xc0000024 Extended Info (0x00000100)"

    So I clicked scan anyway and I got a new error message: DeviceIoControlError! Error Code = 0x0

    I am sorry :( I feel like I am being a huge pain! But it is not working

    I tried downloading from link 2 and link 3 but they did not work either

     
  8. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    That's ok. Let's try the following:


    NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop



    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
    • Double click on ComboFix.exe & follow the prompts.

      Note: Combofix will run without the Recovery Console installed.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. An increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  9. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    oh great, now I've really done it.

    I disabled my security programs, or so I thought. I did it through the task manager but apparently that was not the right way to do it. When I loaded combofix it said it detected McAfee and Superantispyware, it said disable these programs and hit ok.

    I did not have the time to figure out how to disable the programs, because I am studying for a test in a few hours. So I decided to just shut down my computer and deal with it tomorrow.

    Before I shut it down McAfee popped up and said something was trying to access my computer, should I allow. I said yes, allow, because I thought it was COMBOFIX. I clicked allow and my computer started making weird beeping noises, so I did a hard shut down.

    Now I cannot turn my computer back on. I think I somehow did something to allow combofix to really mess up my computer.

    When I try to turn on my computer it says "Windows Error Recovery", choose: Launch Startup Repair, or Start Windows Normally. If I choose Start Windows Normally I get the blue screen of death. If I choose Launch Startup Repair, it goes through its thing but then tells me it cannot start Windows and to contact my distributor for help.

    Now what? Is my computer fried? I am freaking out because I have so many valuable image files on there that I need for work and school.
     
  10. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    I'm sorry to hear that and we can try to fix it.

    If you select Safe Mode from the list, does your computer boot into an alternate version of windows ok?

    Is "Repair your Computer" one of the options? We might need to access the Recovery Console.

    Can you burn CDs on this other computer you're on? We can use a specialized CD to back up your files just in case we cannot repair the system.

    Do you have your Windows Vista installation DVD handy? Worst case, we'll have to use this to repair the system.
     
  11. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    this is what Launch Startup Repair says:
    Problem Signature:
    Problem Event Name: Startup RepairV2
    Problem Signature 01: Autofailover
    P S 2: 6.0.6000.16386.6.06.000.16386
    P S 3: 4
    P S 4: 262148
    P S 5: 0x7e
    P s 6: 0x7e
    P S 7: 0
    P S 8: 2
    P S 9: Wrp Repair
    P S 10: 2
    OS Version: 6.0.6000.20.0256.1
    Locale ID: 1033
     
  12. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    If you don't see the menu with Safe Mode on it you'll need to repeatedly tap the F8 key on your keyboard before it starts to boot normally into Windows until a black and white menu with the option appears.
     
  13. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    I tried to boot in safe mode but all I got was the blue screen of death. Windows cannot start at all, not even in safe mode.

    There is no "Repair Your Computer" option, but these are my options:
    F-10 Setup, F-11 System Recovery, and ESC boot menu. I tried boot menu and I get the blue screen any time I try to boot.

    It seems like my computer is screwed.

    I can burn CDs, yes, on my computer, but I can't since Windows isn't working. The computer I am on now is my mother's and it burns CDs.

    Do you think I should take my computer to someone who can work on it themselves at this point?

    My main concern is all my image files. I am an artist and I do a lot of digital work, and photography. There are tons and tons of images on my computer that are invaluable to me, and digital documentations of paintings that I have sold. I guess I am stupid for not backing it all up. I just want my image files, and then I am willing to wipe my computer. It is a huge mess anyway, it obviously has multiple viruses.

    Why do you think combofix did this?
     
  14. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    ComboFix does a whole lot to a system and it integrates some components deep into Windows. You stopping it before it finished working is probably what messed something up.

    It is also possible that there was a coincidental hardware problem. You mentioned beeping and that is typically indicative of a hardware failure. If this is the case, it will require swapping out parts to find the culprit.

    If you have your Windows DVD we can try to fix this without destroying your data and if you can burn CDs on your mother's computer we can create a CD we can use to recover the files you need.

    Taking a computer into a professional who is paid to solve these kinds of problems is always the best option. We who help people for free online are experts but we are limited because we cannot work on a system ourselves and can only do that through the person we are helping. If this is a mission critical machine and you need this fixed sooner rather than later, you should take it into a shop.


    Let me know what you decide.
     
  15. dustfae

    dustfae Thread Starter

    Joined:
    Apr 11, 2010
    Messages:
    9
    I am going to look for the Windows DVD, and sit on this for a bit. I have to go to school soon, so I will probably reply to you tomorrow or tonight when I am home.

    Thank you so much for your help!
     
Short URL to this thread: https://techguy.org/916249
