
Can't access any .exes except Windows programs, Safe mode blue screens.

Discussion in 'Virus & Other Malware Removal' started by rhyz, May 4, 2010.

Thread Status:
Not open for further replies.
  1. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    Hi there, I started getting this error about 3 days ago when trying to open Google Chrome.

    "Windows cannot access specified file, path or device. You may not have appropriate permissions to access the item."

    Now I can't open any .exes except what seems to be core Windows programs (IE, Media Player, etc.).

    Some things I have tried:

    Tried booting in safe mode but I get a blue screen
    Tried a system restore which failed
    Tried downloading a reg fix but couldn't open it (got the 'select program to run this file or use the web to find the appropriate application' box)

    I am running Windows XP Pro.

    The files I am accessing are not on a network and have been directly installed on this machine.

    Any help with this would be really appreciated as I have been searching for a solution for days.

    Cheers,

    Rhys
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Try this fix: EXEFIX

    Save the .reg file to your desktop. Double-click it to merge it to the registry.

    Reboot.

    If the fix only opens as a text file, right-click it and select Open With > Choose Program... Then, select the Registry Editor.

    If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit.

    Select the Registry Editor.
     
  3. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    Hey thanks for your reply.

    I tried everything you said but when I go to open regedit I get an error message saying "Registry editing has been disabled by your Administrator".
     
  4. Tufenuf

    Tufenuf

    Joined:
    Jul 28, 2007
    Messages:
    2,461
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Try the XP Emergency Utility.

    Save it to your desktop, right-click and select Extract all...

    Run the utility to get back regedit.
     
  6. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    I downloaded a VBS script that enables regedit, but it seems to reset every time I reboot/log off.

    I ran the exe fix, which enabled me to get into a couple of programs, but most still don't work.

    I also downloaded the emergency utilities and I still get the error 'registry editing has been disabled by your administrator' or 'task manager has been disabled...'

    I'm assuming it's a really nasty virus because I can't boot in safe mode or even do a system restore.

    This is starting to drive me insane :(
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    I would click on Report and kindly ask to be moved to the Malware Removal & HijackThis Logs forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download Win32kDiag.exe from any of the following links to your desktop:

    http://ad13.geekstogo.com/Win32kDiag.exe
    http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
    http://rootrepeal.psikotick.com/Win32kDiag.exe

    Run it; it will create a file "Win32kDiag.txt" on the desktop. Post its report in a reply.

    If you have problems running .exe files, download this program:

    http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe

    Drag each of the exe files that you are unable to run into Inherit.exe.

    Then wait for it to say "OK"
     
  9. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
    Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
    WARNING: Could not get backup privileges!
    Searching 'C:\WINDOWS'...


    Finished!


    ^ That's all that came up when I ran the win32 dialog.exe

    Also tried Inherit.exe by dragging an exe into it (utorrent.exe), and nothing happened after I clicked the OK box. And the original exe still gives the error "Windows cannot access the specified path, file or device".
     
  10. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    P.S. Here is a HijackThis log I just ran, in case it helps.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:06 PM, on 5/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254679639531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    --
    End of file - 7198 bytes
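
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not code from HijackThis or any tool named here. The function names and the heuristics (Temp or Fonts locations, an empty autorun name, Policies\Explorer\Run, DisableRegedit) are assumptions chosen for illustration; a flag marks a line for manual review and is not a verdict.

```python
import re

# A few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# O4 = autorun entry: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O7 = policy restriction: "O7 - <key>, <value>=<data>"
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\d+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def exe_path(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))\b", cmd, re.I)
    return m.group(1) if m else cmd


def location_reasons(path):
    """Heuristics (assumed for this example) on where an executable lives."""
    p = path.lower()
    reasons = []
    if re.search(r"\\(?:temp|tmp)\\", p):
        reasons.append("runs from a Temp directory")
    if re.search(r"\\windows\\fonts\\", p) and not p.endswith((".ttf", ".fon")):
        reasons.append("executable inside WINDOWS\\Fonts")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for lines worth a manual look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        reasons = []
        if in_processes and PATH_RE.match(line):
            reasons = location_reasons(line)
        else:
            in_processes = False  # process list ends at the first non-path line
            m4, m7 = O4_RE.match(line), O7_RE.match(line)
            if m4:
                reasons = location_reasons(exe_path(m4.group("cmd")))
                if m4.group("name") == "":
                    reasons.append("autorun value has an empty name")
                if "policies\\explorer\\run" in m4.group("key").lower():
                    reasons.append("autorun registered under Policies\\Explorer\\Run")
            elif m7:
                if m7.group("value") == "DisableRegedit" and m7.group("data") != "0":
                    reasons.append("DisableRegedit policy is set (Registry Editor blocked)")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The DisableRegedit flag lines up with the "Registry editing has been disabled by your Administrator" message reported earlier in the thread.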
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • OTL should now start. Change the following settings:
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Under the Custom Scan box, paste this in:

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.*
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of these files in your next reply.
     
  12. rhyz

    rhyz Thread Starter

    Joined:
    May 4, 2010
    Messages:
    6
    OTL.txt

    OTL logfile created on: 5/9/2010 3:37:43 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 32.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 12.60 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
    Drive D: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USER-E71C854F9F
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/05/09 15:36:27 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/05/09 12:34:47 | 000,012,288 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe
    PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
    PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/04 14:03:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/10/04 13:42:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe
    PRC - [2009/10/04 13:42:50 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PRC - [2009/10/04 13:42:50 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    PRC - [2009/10/04 13:42:50 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    PRC - [2009/10/04 13:42:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    PRC - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    PRC - [2008/01/02 13:04:20 | 001,552,384 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
    PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/09 15:36:27 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/10/04 13:42:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~1\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/10/04 13:42:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2009/10/04 09:34:04 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
    SRV - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (asc3360pr)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
    DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/11 17:27:37 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
    DRV - [2009/10/04 13:43:07 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2009/10/04 13:43:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/10/04 13:43:01 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2009/06/24 04:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/12/11 03:57:09 | 000,333,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2008/10/24 04:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/14 05:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/14 05:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/14 05:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/14 05:00:00 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/14 05:00:00 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2008/04/14 05:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2008/04/14 05:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/14 05:00:00 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/14 05:00:00 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/14 05:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/14 05:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/14 05:00:00 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/14 05:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/14 05:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/14 05:00:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
    DRV - [2008/04/14 05:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
    DRV - [2008/04/14 05:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/14 05:00:00 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/14 05:00:00 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/14 05:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/14 05:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/14 05:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
    DRV - [2008/04/14 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/14 05:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/14 05:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/14 05:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/14 05:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/14 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/14 05:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/14 05:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/14 05:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/14 05:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/14 05:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/14 05:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/14 05:00:00 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/04/14 05:00:00 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/14 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/04/14 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
    DRV - [2008/04/14 05:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/14 05:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/14 05:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/14 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2008/04/14 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2008/04/14 05:00:00 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/14 05:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/14 05:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/14 05:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/14 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/14 05:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/14 05:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/14 05:00:00 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/14 05:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/14 05:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2008/04/14 05:00:00 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/14 05:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/14 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2008/04/14 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2008/04/14 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2008/04/14 05:00:00 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/14 05:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/14 05:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/14 05:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
    DRV - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/14 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2008/04/14 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2008/04/14 05:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/14 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2008/04/14 05:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/14 05:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/14 05:00:00 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
    DRV - [2008/04/14 05:00:00 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/14 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2008/04/14 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2008/04/14 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
    DRV - [2008/04/14 05:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
    DRV - [2008/04/14 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
    DRV - [2008/04/14 01:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
    DRV - [2008/04/14 00:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/14 00:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
    DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/04/14 00:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/14 00:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/14 00:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/14 00:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/14 00:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/14 00:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
    DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2008/04/14 00:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
    DRV - [2008/04/14 00:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
    DRV - [2008/04/14 00:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
    DRV - [2008/04/14 00:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
    DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2008/04/14 00:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2008/04/13 22:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2008/04/13 17:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/02/28 14:03:58 | 000,040,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2008/02/28 14:03:58 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2008/02/28 14:03:48 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2008/01/15 22:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2007/10/09 14:13:00 | 000,038,144 | ---- | M] (Realtek) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
    DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2005/04/05 22:46:28 | 000,830,684 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/01/27 16:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
    DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2001/08/17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
    DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
    DRV - [2001/08/17 06:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

    FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/04 13:45:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 15:29:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 15:29:25 | 000,000,000 | ---D | M]

    [2010/05/05 15:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/05/05 15:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2010/05/05 15:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\syc4xk58.default\extensions
    [2010/05/05 14:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 14:37:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/04/01 10:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2010/04/01 10:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2010/04/01 10:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2010/04/01 08:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/04/01 08:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2010/04/01 08:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/04/01 08:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2010/04/01 08:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2010/04/01 08:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/04/01 08:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [] C:\WINDOWS\system\KEYBOARD.exe File not found
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI File not found
    O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe ()
    O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe ()
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sys = C:\WINDOWS\Fonts\Fonts.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254679639531 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\auto.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
    O27 - HKLM IFEO\autorun.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
    O27 - HKLM IFEO\autoruns.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
    O27 - HKLM IFEO\boot.exe: Debugger - C:\WINDOWS\Fonts\fonts.exe File not found
    O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\Fonts\Fonts.exe File not found
    O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\Media\rndll32.pif File not found
    O27 - HKLM IFEO\procexp.exe: Debugger - C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com File not found
    O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\Fonts\tskmgr.exe File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/04 09:36:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{bac746d5-3231-11df-839b-001b11bb78c7}\Shell - "" = Autorun
    O33 - MountPoints2\{bac746d5-3231-11df-839b-001b11bb78c7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bac746d5-3231-11df-839b-001b11bb78c7}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{bac746d5-3231-11df-839b-001b11bb78c7}\Shell\Open\command - "" = RECYCLER\S-8-6-12-100003581-100024220-100030290-7771.com c:\
    O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\AutOpLay\coMmand - "" = E:\wktjll.pif -- File not found
    O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\AutoRun\command - "" = E:\wktjll.pif -- File not found
    O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\explOre\commAnD - "" = E:\wktjll.pif -- File not found
    O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\OpEN\comMand - "" = E:\wktjll.pif -- File not found
    O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\autOplay\commaNd - "" = F:\huhety.pif -- File not found
    O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\AutoRun\command - "" = F:\huhety.pif -- File not found
    O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\eXplOre\command - "" = F:\huhety.pif -- File not found
    O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\open\ComManD - "" = F:\huhety.pif -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/04 09:36:24 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk - C:\PROGRA~1\NETGEAR\WG111v3\WG111v3.exe - ()
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ()
    MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe ()
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ()
    MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero8\InCD\InCD.exe ()
    MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ()
    MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe ()
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe ()
    MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ()
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe ()
    MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe File not found
    MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Program Files\Nero\Nero8\InCD\NBHGui.exe ()
    MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe ()
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe ()
    MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe ()
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2



    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/09 15:36:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/05/09 14:04:24 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/09 14:04:24 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/09 14:04:23 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/09 14:04:23 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/09 14:04:21 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/09 14:04:21 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/09 14:04:21 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/05/09 14:04:01 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/09 14:04:01 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/09 14:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/05/09 14:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/09 13:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/05/08 12:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LCD Soundsystem - This Is Happening (2010)
    [2010/05/06 16:31:19 | 000,000,000 | ---D | C] -- C:\EmergencyUtils
    [2010/05/06 16:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\xp_emergencyutil
    [2010/05/05 15:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\bankmain_files
    [2010/05/05 14:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/05/05 14:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/05/05 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/05/04 16:49:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/04/29 23:47:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndll32.exe
    [2010/04/29 23:46:40 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskmgr.exe
    [2010/04/29 23:46:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
    [2010/04/28 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\espxe
    [2010/04/13 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
    [2010/04/10 13:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/09 15:48:17 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1214440339-1177238915-500UA.job
    [2010/05/09 15:48:08 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1214440339-1177238915-500Core.job
    [2010/05/09 15:36:27 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/05/09 15:34:42 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/05/09 14:04:25 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/05/09 14:04:22 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/05/09 14:03:36 | 050,423,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
    [2010/05/09 13:55:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
    [2010/05/09 13:55:42 | 000,886,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HJTsetup.exe
    [2010/05/09 12:31:05 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Inherit.exe
    [2010/05/09 12:30:02 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
    [2010/05/09 12:22:26 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{E8ED9518-F13C-42EB-B71B-71308165D343}
    [2010/05/09 12:22:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/09 12:21:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/09 12:21:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/09 00:41:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/05/08 12:30:01 | 153,745,202 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LCD Soundsystem - This Is Happening (2010).zip
    [2010/05/06 18:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/05/06 17:03:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/05/06 17:03:54 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/06 16:35:26 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UnHookExec.inf
    [2010/05/06 16:30:35 | 000,007,875 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xp_emergencyutil.zip
    [2010/05/06 13:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/06 13:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/05/05 17:37:00 | 000,002,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xp_exe_fix.reg
    [2010/05/05 17:36:27 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xp_exe_fix.zip
    [2010/05/05 17:35:35 | 016,104,139 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\01 Dance Yrself Clean.mp3
    [2010/05/05 17:20:16 | 007,425,252 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\02 Drunk Girls (Holy Ghost! Remix).mp3
    [2010/05/05 17:06:15 | 000,002,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mimailc_remove.vbs
    [2010/05/05 15:26:06 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\exefix.reg
    [2010/05/05 15:11:24 | 000,046,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bankmain.htm
    [2010/05/05 14:37:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/05/05 14:37:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/05 14:27:33 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\regtools.vbs
    [2010/05/04 19:36:24 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iTunes.lnk
    [2010/05/03 21:15:14 | 000,632,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
    [2010/04/29 23:46:39 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/29 08:52:58 | 059,354,843 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/28 08:46:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ra_doco_3273394.doc
    [2010/04/27 21:21:38 | 000,022,057 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\journal.odt
    [2010/04/27 18:14:03 | 000,017,113 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Untitled 1.odt
    [2010/04/14 23:11:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\the cinematic image8.doc
    [2010/04/13 16:34:35 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\the cinematic image.doc
    [2010/04/10 15:41:34 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{A2B91781-AB9D-44E6-8CF4-13E5CCE9E2C9}
    [2010/04/09 16:03:08 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F1182DCE-CD1A-4AD0-8B6F-20C1D070D7BB}
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/09 14:04:25 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/05/09 14:03:19 | 050,423,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
    [2010/05/09 13:55:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
    [2010/05/09 13:55:29 | 000,886,072 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HJTsetup.exe
    [2010/05/09 12:30:51 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Inherit.exe
    [2010/05/09 12:29:55 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
    [2010/05/08 12:29:58 | 153,745,202 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LCD Soundsystem - This Is Happening (2010).zip
    [2010/05/06 16:35:22 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UnHookExec.inf
    [2010/05/06 16:30:33 | 000,007,875 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xp_emergencyutil.zip
    [2010/05/05 17:36:19 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xp_exe_fix.zip
    [2010/05/05 17:20:16 | 007,425,252 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\02 Drunk Girls (Holy Ghost! Remix).mp3
    [2010/05/05 17:19:05 | 016,104,139 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\01 Dance Yrself Clean.mp3
    [2010/05/05 17:06:15 | 000,002,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mimailc_remove.vbs
    [2010/05/05 15:14:54 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\exefix.reg
    [2010/05/05 15:11:17 | 000,046,892 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bankmain.htm
    [2010/05/05 14:37:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/05/05 14:37:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/05 14:27:33 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\regtools.vbs
    [2010/05/04 19:36:24 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iTunes.lnk
    [2010/05/03 21:14:46 | 000,632,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
    [2010/04/29 23:46:40 | 000,307,200 | R-S- | C] () -- C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    [2010/04/29 23:46:40 | 000,307,200 | R-S- | C] () -- C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
    [2010/04/29 23:46:40 | 000,307,200 | RHS- | C] () -- C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
    [2010/04/28 08:46:26 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ra_doco_3273394.doc
    [2010/04/27 21:21:37 | 000,022,057 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\journal.odt
    [2010/04/27 18:13:16 | 000,017,113 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Untitled 1.odt
    [2010/04/13 23:40:22 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\the cinematic image8.doc
    [2010/04/13 16:34:34 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\the cinematic image.doc
    [2010/04/10 15:41:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{A2B91781-AB9D-44E6-8CF4-13E5CCE9E2C9}
    [2010/03/04 14:03:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2010/03/01 20:34:44 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
    [2009/11/16 22:39:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/16 22:38:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/04 09:36:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/29 23:24:56 | 000,000,212 | RHS- | M] () -- C:\boot.ini
    [2009/10/04 09:36:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/10/04 09:36:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/10/04 09:36:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/09 12:21:45 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys


    < MD5 for: AGP440.SYS >
    [2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/05/07 15:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\Dell\Intel\IaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: NVGTS.SYS >
    [2008/01/21 11:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

    < MD5 for: NVRD32.SYS >
    [2008/01/21 11:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys

    < MD5 for: SCECLI.DLL >
    [2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/10/04 02:27:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/10/04 02:27:39 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/10/04 02:27:39 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 05:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >
    < End of report >


    Extras.txt

    OTL Extras logfile created on: 5/9/2010 3:37:43 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 32.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 12.60 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
    Drive D: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USER-E71C854F9F
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- ()
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- ()
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- ()
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:ipsec -- ()
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- ()
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- ()
    "E:\.fseventsd.exe" = E:\.fseventsd.exe:*:Enabled:ipsec -- File not found
    "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
    "C:\WINDOWS\system32\igfxtray.exe" = C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec -- ()
    "C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
    "C:\WINDOWS\system32\hkcmd.exe" = C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec -- (Intel Corporation)
    "C:\Program Files\QuickTime\qttask.exe" = C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec -- ()
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiybyy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiybyy.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlglejo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlglejo.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofasf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofasf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iwii.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iwii.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkebgn.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkebgn.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwkab.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwkab.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xtaev.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xtaev.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwqfg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwqfg.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsbpk.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsbpk.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyerjtu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyerjtu.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmbxne.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmbxne.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dtwaf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dtwaf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingqdvu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingqdvu.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winprmi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winprmi.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrgqsd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrgqsd.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoaois.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoaois.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmpaj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmpaj.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winefmo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winefmo.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfjn.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfjn.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintftu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintftu.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhioo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhioo.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmrlllf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmrlllf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincvrki.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincvrki.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplqlkv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplqlkv.exe:*:Enabled:ipsec -- File not found
    "C:\Program Files\Java\jre6\bin\jusched.exe" = C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec -- (Sun Microsystems, Inc.)
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaugjf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaugjf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbsoxt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbsoxt.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rurr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rurr.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoqyhmu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoqyhmu.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrqedl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrqedl.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfxkhs.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfxkhs.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dgjeg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dgjeg.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxsooxq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxsooxq.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odaf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odaf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winclihd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winclihd.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nxgsnk.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nxgsnk.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\trfed.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\trfed.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrhpkh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrhpkh.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwgtu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwgtu.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winguyxm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winguyxm.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ohit.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ohit.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrpun.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrpun.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bbbe.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bbbe.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evqpia.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evqpia.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjwnlkg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjwnlkg.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintuuqnj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintuuqnj.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineokaew.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineokaew.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kikvsg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kikvsg.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqiotp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqiotp.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegyvbm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegyvbm.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ckqdpw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ckqdpw.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxpm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxpm.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oqms.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oqms.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qqww.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qqww.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svfgtv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svfgtv.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjgjl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjgjl.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmvf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmvf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winawpcj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winawpcj.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincxupw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincxupw.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\soky.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\soky.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rpsy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rpsy.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eiiks.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eiiks.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cgbuuq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cgbuuq.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windfjo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windfjo.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ynbj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ynbj.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mlpcjf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mlpcjf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ernqc.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ernqc.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkknmi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkknmi.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbwiex.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbwiex.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfhxm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfhxm.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgqff.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgqff.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhkqnln.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhkqnln.exe:*:Enabled:ipsec -- File not found
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:ipsec -- (Microsoft Corporation)
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcpl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcpl.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winchqklx.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winchqklx.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sois.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sois.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winusps.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winusps.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlbew.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlbew.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnnsi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnnsi.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eyeumj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eyeumj.exe:*:Enabled:ipsec -- File not found
    "C:\Program Files\iTunes\iTunesHelper.exe" = C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec -- (Apple Inc.)
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwvvnf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwvvnf.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winodqpp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winodqpp.exe:*:Enabled:ipsec -- File not found
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winseutd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winseutd.exe:*:Enabled:ipsec -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B661D1BD-5C0C-4EF1-A801-B5699AD41033}" = Nero 8 Essentials
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    "84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    "8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "AVG8Uninstall" = AVG Free 8.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    "Fallout Tactics" = Fallout Tactics
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "iPodAid iPod to Computer Transfer_is1" = iPodAid iPod to Computer Transfer 6
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
    "MeowMultiSound_is1" = MeowMultiSound 1.00
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "NodePhone Expert_is1" = NodePhone Expert 1.1c
    "RealPlayer 12.0" = RealPlayer
    "Steam App 10" = Counter-Strike
    "uTorrent" = µTorrent
    "Veoh Web Player Beta" = Veoh Web Player
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VLC media player" = VLC media player 1.0.3
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "Xilisoft iPod Manager" = Xilisoft iPod Rip

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/22/2010 11:48:05 AM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/22/2010 12:48:05 PM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/22/2010 1:48:05 PM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/22/2010 2:48:05 PM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/23/2010 8:48:05 AM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/23/2010 9:48:05 AM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/23/2010 10:48:05 AM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/23/2010 11:48:05 AM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/23/2010 12:48:05 PM | Computer Name = USER-E71C854F9F | Source = Google Update | ID = 20
    Description =

    Error - 4/28/2010 7:51:09 PM | Computer Name = USER-E71C854F9F | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00530044.

    [ System Events ]
    Error - 5/9/2010 3:31:24 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 5:05:26 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for DeleteFlag with the following
    error: %%5

    Error - 5/9/2010 5:05:26 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for DeleteFlag with the following
    error: %%5

    Error - 5/9/2010 5:05:26 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for DeleteFlag with the following
    error: %%5

    Error - 5/9/2010 5:21:17 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 5:21:17 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 6:38:37 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 6:38:37 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 6:38:49 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5

    Error - 5/9/2010 6:38:49 PM | Computer Name = USER-E71C854F9F | Source = Service Control Manager | ID = 7000
    Description = The asc3360pr service failed to start due to the following error:
    %%5


    < End of report >

     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :OTL
      PRC - [2010/05/09 12:34:47 | 000,012,288 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe
      SRV - [2009/10/04 09:34:04 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [] C:\WINDOWS\system\KEYBOARD.exe File not found
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI File not found
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr=- 1
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools=- 1
      O27 - HKLM IFEO\auto.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
      O27 - HKLM IFEO\autorun.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
      O27 - HKLM IFEO\autoruns.exe: Debugger - C:\WINDOWS\system32\drivers\drivers.cab.exe File not found
      O27 - HKLM IFEO\boot.exe: Debugger - C:\WINDOWS\Fonts\fonts.exe File not found
      O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\Fonts\Fonts.exe File not found
      O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\Media\rndll32.pif File not found
      O27 - HKLM IFEO\procexp.exe: Debugger - C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com File not found
      O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\Fonts\tskmgr.exe File not found
      O33 - MountPoints2\{bac746d5-3231-11df-839b-001b11bb78c7}\Shell\Open\command - ""=- RECYCLER\S-8-6-12-100003581-100024220-100030290-7771.com c:\
      O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\AutOpLay\coMmand - ""=- E:\wktjll.pif -- File not found
      O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\AutoRun\command - ""=- E:\wktjll.pif -- File not found
      O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\explOre\commAnD - ""=- E:\wktjll.pif -- File not found
      O33 - MountPoints2\{f9661c59-541e-11df-83c7-001b11bb78c7}\Shell\OpEN\comMand - ""=- E:\wktjll.pif -- File not found
      O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\autOplay\commaNd - ""=- F:\huhety.pif -- File not found
      O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\AutoRun\command - ""=- F:\huhety.pif -- File not found
      O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\eXplOre\command - ""=- F:\huhety.pif -- File not found
      O33 - MountPoints2\{f9661c5a-541e-11df-83c7-001b11bb78c7}\Shell\open\ComManD - ""=- F:\huhety.pif -- File not found
      
      :files
      C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
      C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
      C:\WINDOWS\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
      
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiybyy.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlglejo.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofasf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iwii.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkebgn.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwkab.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xtaev.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwqfg.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsbpk.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyerjtu.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmbxne.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dtwaf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingqdvu.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winprmi.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrgqsd.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoaois.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmpaj.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winefmo.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfjn.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintftu.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhioo.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmrlllf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincvrki.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplqlkv.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaugjf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbsoxt.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rurr.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoqyhmu.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrqedl.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfxkhs.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dgjeg.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxsooxq.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odaf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winclihd.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nxgsnk.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\trfed.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrhpkh.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwgtu.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winguyxm.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ohit.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrpun.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bbbe.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evqpia.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjwnlkg.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintuuqnj.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineokaew.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kikvsg.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqiotp.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegyvbm.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ckqdpw.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxpm.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oqms.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qqww.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svfgtv.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjgjl.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmvf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winawpcj.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincxupw.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\soky.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rpsy.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eiiks.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cgbuuq.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windfjo.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svmi.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ynbj.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mlpcjf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ernqc.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkknmi.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbwiex.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfhxm.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgqff.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhkqnln.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcpl.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winchqklx.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sois.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winusps.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlbew.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnnsi.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eyeumj.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwvvnf.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winodqpp.exe=-
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winseutd.exe=-
      
      :Commands
      [EMPTYTEMP]
      [RESETHOSTS]
      [REBOOT]
    • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
    • Click the red Run Fix button.
    • The computer will restart.
    • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report into your Post.
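
The `:reg` section of the fix above removes, from the StandardProfile `AuthorizedApplications\List` key, the firewall exceptions that point into the Temp directory and that the OTL log marks "File not found". The Python below is an added example (not part of the thread and not OTL's own code) that applies the same selection to log lines in that layout and also reports labels reused across many entries; the sample lines, file names and function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the "Authorized Applications List"
# section of the log; the file names are made up for this example.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Example\app.exe" = C:\Program Files\Example\app.exe:*:Enabled:Example App -- (Example Corp)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsampl1.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsampl1.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sampl2.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sampl2.exe:*:Enabled:ipsec -- File not found
"E:\.sample3.exe" = E:\.sample3.exe:*:Enabled:ipsec -- File not found
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.+)$')
TEMP_RE = re.compile(r'\\te?mp\\', re.IGNORECASE)


@dataclass
class Entry:
    key: str         # registry key the value was listed under
    value_name: str  # registry value name (the quoted path)
    path: str        # program the exception applies to
    scope: str       # "*" or "LocalSubNet"
    status: str      # "Enabled" / "Disabled"
    label: str       # display name stored with the exception
    note: str        # OTL's trailer: "(Company)" or "File not found"


def parse_entries(text):
    """Parse AuthorizedApplications entries out of an OTL-style log."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not key.endswith(r'AuthorizedApplications\List'):
            continue
        data, sep, note = m.group('rest').rpartition(' -- ')
        if not sep:  # no trailer on this line
            data, note = m.group('rest'), ''
        # Value data is path:scope:status:label; split from the right so the
        # drive-letter colon stays inside the path.
        parts = data.rsplit(':', 3)
        if len(parts) != 4:
            continue
        entries.append(Entry(key, m.group('name'), *parts, note.strip()))
    return entries


def triage(entries, shared_label_min=3):
    """Return (entry, reasons) pairs for exceptions worth a closer look."""
    counts = Counter(e.label.lower() for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if e.status.lower() == 'enabled' and e.note == 'File not found':
            reasons.append('enabled exception for a missing file')
        if TEMP_RE.search(e.path):
            reasons.append('target in a Temp directory')
        # Labels starting with "@" are resource references used by Windows' own entries.
        if not e.label.startswith('@') and counts[e.label.lower()] >= shared_label_min:
            reasons.append('label "%s" shared by %d entries' % (e.label, counts[e.label.lower()]))
        if reasons:
            findings.append((e, reasons))
    return findings


def stale_temp_exceptions(entries):
    """Entries matching the selection visible in the post's :reg block."""
    return [e for e in entries
            if TEMP_RE.search(e.path) and e.note == 'File not found']


def as_reg_removals(entries):
    """Render value names in the 'name=-' form used in the post's :reg block."""
    return [e.value_name + '=-' for e in entries]


if __name__ == '__main__':
    parsed = parse_entries(SAMPLE_LOG)
    for entry, reasons in triage(parsed):
        print(entry.path, '->', '; '.join(reasons))
    print('\n'.join(as_reg_removals(stale_temp_exceptions(parsed))))
```

Entries flagged only for a shared label (such as the Explorer.EXE line in the sample) are left out of the removal list, which matches the fix in the post: it lists only the Temp entries.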
     
Short URL to this thread: https://techguy.org/920969
