1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

windows can't find 2 items that are in my startup menu

Discussion in 'Virus & Other Malware Removal' started by Royal_Flush, Dec 28, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    When I log on I get a warning that windows can't find 2 items that are in my startup menu. Both these items are identified by 2 rectangular boxes which also appear under the command heading. The other difference between these items and the rest in my startup menu is their location is in Windows NT whereas all the other items are located in Windows.

    If I uncheck these items in msconfig and apply and restart my computer it boots up in Selective rather than Normal Startup. I don't know what to do please help.:confused:
     
  2. JennyJackson01

    JennyJackson01 Account Closed

    Joined:
    Apr 3, 2010
    Messages:
    638
    If you alter anything in msconfig, it`ll start up in Selective mode rather than Normal as you`ve changed it from the default setting ... don`t worry about that bit.

    Does the computer work okay with these removed, if so let it ride and see what happens.

    Regards
    Jenny
     
  3. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    Set msconfig back to Normal Startup so everything is checked.
    • Go here to Download HiJack This
    • Click the Download HijackThis Installer link.
    • Save HJTInstall.exe to your desktop.
    • Double click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis
    • Click Install
      It will install and automatically run
      Note, for Vista/Win7, except for the first run when it installs, you must right click the icon, and click Run as administrator
    • Click the I Accept button on the License Agreement Window
    • The Main Menu window will open
    • Click on the Do a system scan and save a log file button.
    • It will scan, save the log in C:\Program Files\Trend Micro\HijackThis, and then the log will open in Notepad.
    • In Notepad, click on Format and make sure Word Wrap is unchecked
    • In Notepad, click on Edit | Select All then click on Edit | Copy to copy the entire log.
    • Paste the log in your next reply. (Click in the Reply window, press CTRL+V to paste).
    • DO NOT have HijackThis fix anything yet. Most of what it finds is required or harmless.
    For Vista/Win7, you can set the shortcut to always Run as administrator.
    Right click the HijackThis shortcut on the Desktop or Start Menu, then click Properties
    On the Shortcut tab, click the Advanced... button
    Check the box for Run as administrator
    Click OK
    Click OK
     
  4. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    Thanks for your response, here's the log file:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:40:52 PM, on 12/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS1\System32\smss.exe
    C:\WINDOWS1\system32\winlogon.exe
    C:\WINDOWS1\system32\services.exe
    C:\WINDOWS1\system32\lsass.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS1\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS1\system32\LEXBCES.EXE
    C:\WINDOWS1\system32\LEXPPS.EXE
    C:\WINDOWS1\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\WINDOWS1\Explorer.EXE
    C:\WINDOWS1\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    C:\WINDOWS1\system32\ctfmon.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\GSTrainer\Console\Paper\bin\Console.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS1\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brookspriceaction.com/portal.php?page=6
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: load=?
    F3 - REG:win.ini: run=?
    O1 - Hosts: 255.255.255.255 hcurltest5
    O1 - Hosts: 255.255.255.255 vnsjs1.1stworks.com
    O1 - Hosts: 255.255.255.255 hcurltest3
    O1 - Hosts: 74.208.77.54 hcurltest1
    O1 - Hosts: 82.165.161.232 hcurltest2
    O2 - BHO: (no name) - {05363A0D-727D-4739-9E97-F203C1B8FB71} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS1\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183210918734
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O20 - Winlogon Notify: 7c461329716 - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS1\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS1\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE

    --
    End of file - 7392 bytes
     
  5. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    Got one entry there I'm not sure about. I've asked for one of the malware experts to take a look, so don't want to do anything until we see what they say.
     
  6. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
  7. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    It could be. That thread you linked was a system running Vista, yours is running XP, there may be additional steps that need to be done.

    Generally not a good idea to run those tools without assistance, they can make a system unbootable, especially if the steps are intended for a different OS.

    At this point I don't know if this is a remnant that didn't get removed, and just needs to be removed, or is an indication of different infection than the one you did remove, so I don't want to do anything that might make it harder to determine just what it is.
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    @TheOutcaste. Thanks.

    Hi, Royal_Flush :)

    Welcome.

    Download OTL to your Desktop. Also download the enclosed Scan.txt to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Double click on the Custom Scan box. Browse and select the Scan.txt you just downloaded. Its contents will appear in the window.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.
     

    Attached Files:

    • scan.txt
      File size:
      591 bytes
      Views:
      1
  9. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    JSntgRvr, Thanks for your response. This is my 2nd attempt to post the results:

    OTL logfile created on: 12/28/2010 3:22:57 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 6.07 Gb Free Space | 15.86% Space Free | Partition Type: NTFS

    Computer Name: UNITED-18653590 | User Name: Murray Grummitt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads\OTL.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\explorer.exe
    PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2000/08/14 15:48:06 | 000,032,768 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS1\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS1\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
    DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS1\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS1\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS1\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\srv.sys -- (Srv)
    DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\http.sys -- (HTTP)
    DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/13 15:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/13 15:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/13 15:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/13 14:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\nic1394.sys -- (NIC1394)
    DRV - [2008/04/13 14:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\arp1394.sys -- (Arp1394)
    DRV - [2008/04/13 14:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/13 14:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nabtsfec.sys -- (NABTSFEC)
    DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\wstcodec.sys -- (WSTCODEC)
    DRV - [2008/04/13 14:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ccdecode.sys -- (CCDECODE)
    DRV - [2008/04/13 14:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\slip.sys -- (SLIP)
    DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\streamip.sys -- (streamip)
    DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ndisip.sys -- (NdisIP)
    DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ohci1394.sys -- (ohci1394)
    DRV - [2008/04/13 14:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/04/13 14:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - [2008/04/13 14:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/13 14:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/13 14:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/13 14:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/13 14:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\disk.sys -- (Disk)
    DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2008/04/13 14:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\intelide.sys -- (IntelIde)
    DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 14:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/13 14:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS1\System32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/13 14:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/13 14:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mstee.sys -- (MSTEE)
    DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/13 14:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/13 14:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/13 14:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\pci.sys -- (PCI)
    DRV - [2008/04/13 14:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\agp440.sys -- (agp440)
    DRV - [2008/04/13 14:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\System32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS1\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS1\System32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbscan.sys -- (usbscan)
    DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\sr.sys -- (sr)
    DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\aec.sys -- (aec)
    DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2006/09/28 18:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\WudfRd.sys -- (WudfRd)
    DRV - [2006/09/28 17:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\WudfPf.sys -- (WudfPf)
    DRV - [2006/02/28 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
    DRV - [2006/02/28 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2006/02/28 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2006/02/28 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS1\System32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2006/02/28 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2006/02/28 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2006/02/28 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2006/02/28 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2006/02/28 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2006/02/28 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2006/02/28 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS1\System32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2006/02/28 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmload.sys -- (dmload)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\beep.sys -- (Beep)
    DRV - [2006/02/28 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\pciide.sys -- (PCIIde)
    DRV - [2006/02/28 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\null.sys -- (Null)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/15 13:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ac97ich4.sys -- (ac97intc) Intel(r) 82801DB/DBM Audio Driver Service (WDM)
    DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 07:48:48 | 000,070,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\atiragem.sys -- (atirage)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.brookspriceaction.com/portal.php?page=6
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D 3A 36 05 7D 72 39 47 9E 97 F2 03 C1 B8 FB 71 [binary data]
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://webmail.aol.com/43524/aol/en-us/suite.aspx|http://eminitradingschool.com/trading-hours/|http://www.forexfactory.com/calendar.php|http://www.wcax.com/Global/link.asp?L=28069&nav=menu183_15_1|http://www.simple-automatic-trading.com/Simple-Automatic-Trading-Track-Record.htm|http://www.vpt.org/tvscheds/index.html"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
    FF - prefs.js..extensions.enabledItems: {05b02a2e-7987-49bb-9782-76671611eb94}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/21 21:12:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/15 07:00:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 07:14:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 07:14:58 | 000,000,000 | ---D | M]

    [2009/06/30 20:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Extensions
    [2009/06/30 20:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2010/12/28 07:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions
    [2010/01/06 11:55:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{05b02a2e-7987-49bb-9782-76671611eb94}
    [2010/10/19 12:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/28 08:23:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/28 10:07:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2009/09/20 07:04:12 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\searchplugins\all-the-internet.xml
    [2009/09/20 07:02:06 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\searchplugins\mozilla-add-ons.xml
    [2010/12/28 07:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/11 07:14:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/09/29 16:23:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2010/07/14 09:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/07/14 09:15:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)
    [2010/07/15 07:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/27 13:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/27 07:20:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/11 07:14:45 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2010/12/11 07:14:45 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/11 07:14:51 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2010/11/29 08:10:39 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/11/29 08:10:39 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2010/11/29 08:10:39 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/11/29 08:10:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2010/11/29 08:10:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2010/11/29 08:10:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/11/29 08:10:40 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2009/08/26 07:30:43 | 000,318,638 | R--- | M]) - C:\WINDOWS1\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 10930 more lines...
    O2 - BHO: (no name) - {05363A0D-727D-4739-9E97-F203C1B8FB71} - Reg Error: Value error. File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS1\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    F3 - HKCU WinNT: Load - () - File not found
    F3 - HKCU WinNT: Run - () - File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS1\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS1\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS1\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Value error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183210918734 (MUWebControl Class)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.ca/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.201.245.77
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS1\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS1\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS1\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS1\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS1\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS1\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS1\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS1\system32\userinit.exe) - C:\WINDOWS1\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS1\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS1\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS1\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\7c461329716: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS1\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS1\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS1\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS1\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS1\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS1\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS1\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS1\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS1\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS1\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS1\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS1\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS1\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS1\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS1\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS1\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/07/15 21:35:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS1\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS1\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    SafeBootMin: AppMgmt - C:\WINDOWS1\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - C:\WINDOWS1\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/28 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/12/27 07:20:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaws.exe
    [2010/12/27 07:20:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaw.exe
    [2010/12/27 07:20:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\java.exe
    [2010/12/26 22:40:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\TFC.exe
    [2010/12/26 09:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\bKiAj06300
    [2010/12/22 05:54:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS1\System32\dllcache\ndproxy.sys
    [2010/12/21 12:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS1\pss

    ========== Files - Modified Within 30 Days ==========

    [2010/12/28 15:19:45 | 000,000,444 | -H-- | M] () -- C:\WINDOWS1\tasks\User_Feed_Synchronization-{CD7C561E-CD87-4B48-86FD-B57044EC0576}.job
    [2010/12/28 15:17:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS1\System32\d3d9caps.dat
    [2010/12/28 13:00:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS1\tasks\MP Scheduled Scan.job
    [2010/12/28 12:46:51 | 000,000,323 | -HS- | M] () -- C:\boot.ini
    [2010/12/28 12:39:58 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/12/28 07:11:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
    [2010/12/28 07:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
    [2010/12/28 07:09:03 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/27 07:31:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS1\NeroDigital.ini
    [2010/12/26 23:08:04 | 000,192,976 | ---- | M] () -- C:\WINDOWS1\System32\FNTCACHE.DAT
    [2010/12/26 23:05:14 | 000,000,336 | ---- | M] () -- C:\WINDOWS1\LEXSTAT.INI
    [2010/12/26 22:40:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\TFC.exe
    [2010/12/26 19:11:01 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2010/12/24 10:02:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/22 06:09:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS1\imsins.BAK
    [2010/12/22 05:50:33 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\magicJack.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/12/28 12:38:08 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/12/26 22:15:20 | 1610,141,696 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/26 18:05:55 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2010/09/02 08:10:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS1\System32\MSVCTSCP.DLL
    [2010/06/13 21:15:55 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/06/10 15:31:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS1\System32\NtDirect.dll
    [2010/01/02 12:49:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\atscie.msi
    [2009/12/31 22:17:41 | 000,000,731 | ---- | C] () -- C:\WINDOWS1\wininit.ini
    [2009/08/09 19:56:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS1\EurekaLog.ini
    [2009/06/23 14:26:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS1\ITBackEnd.INI
    [2008/08/21 21:34:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS1\AEBFONT.INI
    [2008/07/14 21:34:39 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\fusioncache.dat
    [2008/06/23 17:46:46 | 000,000,137 | ---- | C] () -- C:\WINDOWS1\ANS2000.INI
    [2008/06/23 17:46:46 | 000,000,020 | -H-- | C] () -- C:\WINDOWS1\akebook.ini
    [2008/06/23 17:46:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS1\a3kebook.ini
    [2008/04/23 14:49:51 | 000,000,336 | ---- | C] () -- C:\WINDOWS1\LEXSTAT.INI
    [2007/11/16 16:45:03 | 000,245,760 | ---- | C] () -- C:\WINDOWS1\ddedll.dll
    [2007/11/16 16:43:52 | 000,000,043 | ---- | C] () -- C:\WINDOWS1\ib.ini
    [2007/11/02 07:18:42 | 000,051,304 | ---- | C] () -- C:\WINDOWS1\System32\drivers\atnt40k.sys
    [2007/09/09 08:33:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS1\System32\hpcoinst.dll
    [2007/08/21 11:06:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS1\NeroDigital.ini
    [2007/08/21 07:04:56 | 000,000,379 | ---- | C] () -- C:\WINDOWS1\ODBC.INI
    [2007/06/24 09:28:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS1\RtlRack.ini
    [2007/05/28 21:39:59 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/28 10:51:16 | 000,027,136 | ---- | C] () -- C:\WINDOWS1\toFront.dll
    [2007/05/28 10:51:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS1\GetIe.dll
    [2007/05/28 09:24:26 | 000,040,387 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.log
    [2007/05/28 08:56:10 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.html
    [2007/05/26 02:23:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS1\ODBCINST.INI
    [2007/03/05 16:26:22 | 000,000,314 | ---- | C] () -- C:\Program Files\INSTALL.LOG
    [2003/06/20 07:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS1\System32\OUTLPERF.INI

    ========== Custom Scans ==========


    < set /c >
    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS1
    APPDATA=C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=UNITED-18653590
    ComSpec=C:\WINDOWS1\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Murray Grummitt.UNITED-18653590
    LOGONSERVER=\\UNITED-18653590
    MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Crash Reports
    MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
    MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS1\system32;C:\WINDOWS1;C:\WINDOWS1\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0207
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS1
    TEMP=C:\DOCUME~1\MURRAY~1.UNI\LOCALS~1\Temp
    TMP=C:\DOCUME~1\MURRAY~1.UNI\LOCALS~1\Temp
    USERDOMAIN=UNITED-18653590
    USERNAME=Murray Grummitt
    USERPROFILE=C:\Documents and Settings\Murray Grummitt.UNITED-18653590
    windir=C:\WINDOWS1
    __COMPAT_LAYER=EnableNXShowUI

    < %SYSTEMDRIVE%\*.* >
    [2010/07/27 08:09:49 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2005/07/15 21:35:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/28 12:46:51 | 000,000,323 | -HS- | M] () -- C:\boot.ini
    [2005/07/15 21:35:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/26 19:11:01 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2010/12/28 07:09:03 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
    [2005/07/15 21:35:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/15 16:31:14 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2005/07/15 21:35:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/30 07:40:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/28 07:09:00 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/26 21:59:28 | 000,000,385 | ---- | M] () -- C:\rkill.log
    [2010/02/14 00:29:14 | 002,705,587 | ---- | M] () -- C:\tst.txt


    < MD5 for: AGP440.SYS >
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/09/30 07:35:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\$NtServicePackUninstall$\sp3.cab:AGP440.sys
    [2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS1\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS1\system32\drivers\agp440.sys
    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS1\$NtServicePackUninstall$\agp440.sys
    [2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS1\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/09/30 07:35:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\$NtServicePackUninstall$\sp3.cab:atapi.sys
    [2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS1\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS1\system32\drivers\atapi.sys
    [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS1\$NtServicePackUninstall$\atapi.sys
    [2002/08/29 00:27:50 | 000,086,912 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS1\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS1\system32\eventlog.dll
    [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS1\$NtServicePackUninstall$\eventlog.dll
    [2002/08/29 02:40:52 | 000,049,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS1\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS1\system32\netlogon.dll
    [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
    [2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS1\$NtServicePackUninstall$\netlogon.dll
    [2002/08/29 02:41:08 | 000,399,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS1\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS1\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS1\system32\scecli.dll
    [2002/08/29 02:41:12 | 000,174,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/05/26 02:20:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS1\system32\config\default.sav
    [2007/05/26 02:20:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS1\system32\config\software.sav
    [2007/05/26 02:20:18 | 000,884,736 | ---- | M] () -- C:\WINDOWS1\system32\config\system.sav

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2007.zip:SummaryInformation

    < End of report >
    OTL Extras logfile created on: 12/28/2010 3:22:57 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 6.07 Gb Free Space | 15.86% Space Free | Partition Type: NTFS

    Computer Name: UNITED-18653590 | User Name: Murray Grummitt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS1\system32\javaw.exe" = C:\WINDOWS1\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS1\system32\java.exe" = C:\WINDOWS1\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe" = C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe:*:Enabled:hotComm CL Client -- (1stWorks Corporation)
    "C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader)
    "C:\Program Files\AboutTime\AboutTime.exe" = C:\Program Files\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -- ()
    "C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader)
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C44383B-FC7C-44B9-9838-E407FB9C618A}" = Trader68
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5C1E1493-42CB-4CE8-8744-97BF094B429D}" = NinjaTrader 6.5
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BB5278B6-0BC7-4DE8-837F-9D19D695CD0D}" = NinjaTrader 7
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
    "360Share Pro" = 360Share Pro(remove only)
    "AboutTime_is1" = AboutTime
    "ACDSee" = ACDSee
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "avast5" = avast! Free Antivirus
    "DTCLookup" = DTCLookup
    "eChat" = eChat
    "Elecard MPEG Player 5.5.90213" = Elecard MPEG Player
    "GSTrainer Paper Console" = GSTrainer Paper Console
    "hotComm® CL" = hotComm® CL
    "HP Photo Imaging Software" = HP Photo Imaging Software
    "HP Photo Printing Software" = HP Photo Printing Software
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
    "Lexmark 510 Series" = Lexmark 510 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Portfolio Maximizer by Eminitv.tv_is1" = Portfolio Maximizer by Eminitv.tv 1.0
    "RAR Repair Tool_is1" = RAR Repair Tool v.4.0
    "Shakti For Windows V.7G.8_is1" = Shakti for Windows, Version 7G.8
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "ST6UNST #1" = Special Timer 1.1.0 For Testing purposes only. By: Ice Blue
    "System Tool2011" = System Tool2011
    "Trader Workstation 4.0" = Trader Workstation 4.0
    "TWS Interoperability Components" = TWS Interoperability Components
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZENX-FI" = Creative ZEN X-Fi User's Guide

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "magicJack" = magicJack

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/13/2010 7:11:50 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application mpegplayer.exe, version 5.5.16141.0, faulting
    module mpegplayer.exe, version 5.5.16141.0, fault address 0x0000b768.

    Error - 9/13/2010 7:11:50 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application mpegplayer.exe, version 5.5.16141.0, faulting
    module mpegplayer.exe, version 5.5.16141.0, fault address 0x0000b768.

    Error - 9/13/2010 7:11:50 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application mpegplayer.exe, version 5.5.16141.0, faulting
    module mpegplayer.exe, version 5.5.16141.0, fault address 0x0000b768.

    Error - 9/18/2010 7:42:18 AM | Computer Name = UNITED-18653590 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 9/18/2010 7:42:18 AM | Computer Name = UNITED-18653590 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 9/19/2010 11:57:23 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/1/2010 1:18:39 PM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
    wmvcore.dll, version 11.0.5721.5275, fault address 0x00038f40.

    Error - 12/9/2010 12:09:25 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/11/2010 8:03:57 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/28/2010 12:13:19 AM | Computer Name = UNITED-18653590 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 12/26/2010 9:19:16 PM | Computer Name = UNITED-18653590 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/26/2010 9:19:18 PM | Computer Name = UNITED-18653590 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/26/2010 10:48:30 PM | Computer Name = UNITED-18653590 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/26/2010 10:50:22 PM | Computer Name = UNITED-18653590 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/26/2010 10:51:15 PM | Computer Name = UNITED-18653590 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSP aswTdi Fips intelppm ohci1394 PCIIde

    Error - 12/26/2010 11:14:05 PM | Computer Name = UNITED-18653590 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/26/2010 11:41:27 PM | Computer Name = UNITED-18653590 | Source = Service Control Manager | ID = 7031
    Description = The Windows Defender service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
    Restart the service.

    Error - 12/26/2010 11:41:27 PM | Computer Name = UNITED-18653590 | Source = Service Control Manager | ID = 7034
    Description = The LexBce Server service terminated unexpectedly. It has done this
    1 time(s).

    Error - 12/26/2010 11:41:27 PM | Computer Name = UNITED-18653590 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/27/2010 7:35:07 AM | Computer Name = UNITED-18653590 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.


    < End of report >
     
  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Before I give you a fix, lets check other areas in the system. There are two installations. The active one seems to be parallel to the previous one. That must be taking quite a chunk of your drive space.

    Remove the previous Scan.txt and download the enclosed Scan.txt to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to None
      • Change Standard Registry to None
      • Under File Scans, change File age to the minimum. That should cut down the scan time.
    • Double click on the Custom Scan box. Browse and select the Scan.txt you just downloaded. Its contents will appear in the window.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open only one notepad window. OTL.Txt. This is saved in the same location as OTL.
      • Please post the contents of the OTL.txt in your next reply.
     

    Attached Files:

    • scan.txt
      File size:
      120 bytes
      Views:
      1
  11. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    Sorry for the delay, family obligations at Christmas. Here's the 2nd scan:

    OTL logfile created on: 12/28/2010 10:33:37 PM - Run 2
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 6.07 Gb Free Space | 15.85% Space Free | Partition Type: NTFS

    Computer Name: UNITED-18653590 | User Name: Murray Grummitt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

    ========== Processes (SafeList) ==========

    PRC - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads\OTL.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\explorer.exe
    PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2000/08/14 15:48:06 | 000,032,768 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS1\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS1\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Files/Folders - Created Within 1 Day ==========

    [2010/12/28 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

    ========== Files - Modified Within 1 Day ==========

    [2010/12/28 22:34:40 | 000,000,444 | -H-- | M] () -- C:\WINDOWS1\tasks\User_Feed_Synchronization-{CD7C561E-CD87-4B48-86FD-B57044EC0576}.job
    [2010/12/28 15:55:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS1\System32\d3d9caps.dat
    [2010/12/28 13:00:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS1\tasks\MP Scheduled Scan.job
    [2010/12/28 12:46:51 | 000,000,323 | -HS- | M] () -- C:\boot.ini
    [2010/12/28 12:39:58 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/12/28 07:11:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
    [2010/12/28 07:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
    [2010/12/28 07:09:03 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys

    ========== Files Created - No Company Name ==========

    [2010/12/28 12:38:08 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/09/02 08:10:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS1\System32\MSVCTSCP.DLL
    [2010/06/13 21:15:55 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/06/10 15:31:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS1\System32\NtDirect.dll
    [2010/01/02 12:49:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\atscie.msi
    [2009/12/31 22:17:41 | 000,000,731 | ---- | C] () -- C:\WINDOWS1\wininit.ini
    [2009/08/09 19:56:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS1\EurekaLog.ini
    [2009/06/23 14:26:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS1\ITBackEnd.INI
    [2008/08/21 21:34:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS1\AEBFONT.INI
    [2008/07/14 21:34:39 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\fusioncache.dat
    [2008/06/23 17:46:46 | 000,000,137 | ---- | C] () -- C:\WINDOWS1\ANS2000.INI
    [2008/06/23 17:46:46 | 000,000,020 | -H-- | C] () -- C:\WINDOWS1\akebook.ini
    [2008/06/23 17:46:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS1\a3kebook.ini
    [2008/04/23 14:49:51 | 000,000,336 | ---- | C] () -- C:\WINDOWS1\LEXSTAT.INI
    [2007/11/16 16:45:03 | 000,245,760 | ---- | C] () -- C:\WINDOWS1\ddedll.dll
    [2007/11/16 16:43:52 | 000,000,043 | ---- | C] () -- C:\WINDOWS1\ib.ini
    [2007/11/02 07:18:42 | 000,051,304 | ---- | C] () -- C:\WINDOWS1\System32\drivers\atnt40k.sys
    [2007/09/09 08:33:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS1\System32\hpcoinst.dll
    [2007/08/21 11:06:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS1\NeroDigital.ini
    [2007/08/21 07:04:56 | 000,000,379 | ---- | C] () -- C:\WINDOWS1\ODBC.INI
    [2007/06/24 09:28:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS1\RtlRack.ini
    [2007/05/28 21:39:59 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/28 10:51:16 | 000,027,136 | ---- | C] () -- C:\WINDOWS1\toFront.dll
    [2007/05/28 10:51:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS1\GetIe.dll
    [2007/05/28 09:24:26 | 000,040,387 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.log
    [2007/05/28 08:56:10 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.html
    [2007/05/26 02:23:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS1\ODBCINST.INI
    [2007/03/05 16:26:22 | 000,000,314 | ---- | C] () -- C:\Program Files\INSTALL.LOG
    [2003/06/20 07:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS1\System32\OUTLPERF.INI

    ========== Custom Scans ==========



    < MD5 for: APPMGMTS.DLL >
    [2004/08/04 02:56:41 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=9C3C12975C97119412802B181FBEEFFE -- C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
    [2004/08/04 02:56:41 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=9C3C12975C97119412802B181FBEEFFE -- C:\WINDOWS\system32\appmgmts.dll
    [2002/08/29 02:40:48 | 000,156,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\appmgmts.dll

    < MD5 for: HIDSERV.DLL >
    [2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hidserv.dll
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hidserv.dll
    [2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:hidserv.dll
    [2005/07/25 16:02:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hidserv.dll
    [2008/09/30 07:35:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\$NtServicePackUninstall$\sp3.cab:hidserv.dll
    [2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp2.cab:hidserv.dll
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\Driver Cache\i386\sp3.cab:hidserv.dll
    [2008/12/27 11:01:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS1\ServicePackFiles\i386\sp3.cab:hidserv.dll
    [2004/08/04 02:56:42 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9376E6893E52B368ABC6255BF54F0B28 -- C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
    [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DEB04DA35CC871B6D309B77E1443C796 -- C:\WINDOWS1\ServicePackFiles\i386\hidserv.dll
    [2002/08/29 02:40:56 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\hidserv.dll

    < HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows >
    "DebugOptions" = 2048
    "Documents" =
    "DosPrint" = no
    "load" = ?
    "NetMessage" = no
    "NullPort" = None
    "Programs" = com exe bat pif cmd
    "Run" = ?
    "Device" = Lexmark 510 Series,winspool,Ne03:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2007.zip:SummaryInformation

    < End of report >
     
  12. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Lets run this fix:

    Remove the previous Scan.txt and download the enclosed Scan.txt to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Leave the settings as they appear.
    • Double click on the Custom Scan box. Browse and select the Scan.txt you just downloaded. Its contents will appear in the window.
    • This time click the red Run Fix button.
    • The computer will restart
    • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

    To confirm, run OTL.exe as follows:

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will one notepad window. OTL.Txt. This is saved in the same location as OTL.
      • Please post the contents of the OTL.txt file.
    Let me also know if there is a difference in behavior.
     

    Attached Files:

    • scan.txt
      File size:
      506 bytes
      Views:
      1
  13. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    Here's the report for the fix:

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7c461329716\ deleted successfully.
    ========== REGISTRY ==========
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"load"| /E : value set successfully!
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"Run"| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load\ deleted successfully.
    ========== FILES ==========
    File C:\WINDOWS1\System32\hidserv.dll successfully replaced with C:\WINDOWS1\ServicePackFiles\i386\hidserv.dll
    File C:\WINDOWS1\System32\appmgmts.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.18.0 log created on 12292010_082631
     
  14. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    I am grateful for your help. Here's the scan after the fix:

    OTL logfile created on: 12/29/2010 8:35:55 AM - Run 3
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 6.09 Gb Free Space | 15.91% Space Free | Partition Type: NTFS

    Computer Name: UNITED-18653590 | User Name: Murray Grummitt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\OTL.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    PRC - [2010/04/30 07:40:20 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\explorer.exe
    PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2000/08/14 15:48:06 | 000,032,768 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
    DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS1\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS1\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS1\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\srv.sys -- (Srv)
    DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\http.sys -- (HTTP)
    DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/13 15:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/13 15:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/13 15:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\System32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/13 14:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\nic1394.sys -- (NIC1394)
    DRV - [2008/04/13 14:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\arp1394.sys -- (Arp1394)
    DRV - [2008/04/13 14:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/13 14:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nabtsfec.sys -- (NABTSFEC)
    DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\wstcodec.sys -- (WSTCODEC)
    DRV - [2008/04/13 14:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ccdecode.sys -- (CCDECODE)
    DRV - [2008/04/13 14:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\slip.sys -- (SLIP)
    DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\streamip.sys -- (streamip)
    DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ndisip.sys -- (NdisIP)
    DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ohci1394.sys -- (ohci1394)
    DRV - [2008/04/13 14:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/04/13 14:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - [2008/04/13 14:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/13 14:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/13 14:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/13 14:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/13 14:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\disk.sys -- (Disk)
    DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2008/04/13 14:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\intelide.sys -- (IntelIde)
    DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 14:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/13 14:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS1\System32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/13 14:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/13 14:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mstee.sys -- (MSTEE)
    DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/13 14:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/13 14:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/13 14:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\pci.sys -- (PCI)
    DRV - [2008/04/13 14:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\agp440.sys -- (agp440)
    DRV - [2008/04/13 14:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\System32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS1\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS1\System32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbscan.sys -- (usbscan)
    DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\sr.sys -- (sr)
    DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\aec.sys -- (aec)
    DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2006/09/28 18:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\WudfRd.sys -- (WudfRd)
    DRV - [2006/09/28 17:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\WudfPf.sys -- (WudfPf)
    DRV - [2006/02/28 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
    DRV - [2006/02/28 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2006/02/28 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2006/02/28 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS1\System32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2006/02/28 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2006/02/28 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2006/02/28 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2006/02/28 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2006/02/28 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\System32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2006/02/28 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2006/02/28 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS1\System32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2006/02/28 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS1\system32\drivers\dmload.sys -- (dmload)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2006/02/28 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\beep.sys -- (Beep)
    DRV - [2006/02/28 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\System32\drivers\pciide.sys -- (PCIIde)
    DRV - [2006/02/28 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\drivers\null.sys -- (Null)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/15 13:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ac97ich4.sys -- (ac97intc) Intel(r) 82801DB/DBM Audio Driver Service (WDM)
    DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 07:48:48 | 000,070,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\atiragem.sys -- (atirage)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.brookspriceaction.com/portal.php?page=6
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D 3A 36 05 7D 72 39 47 9E 97 F2 03 C1 B8 FB 71 [binary data]
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://webmail.aol.com/43524/aol/en-us/suite.aspx|http://eminitradingschool.com/trading-hours/|http://www.forexfactory.com/calendar.php|http://www.wcax.com/Global/link.asp?L=28069&nav=menu183_15_1|http://www.simple-automatic-trading.com/Simple-Automatic-Trading-Track-Record.htm|http://www.vpt.org/tvscheds/index.html"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
    FF - prefs.js..extensions.enabledItems: {05b02a2e-7987-49bb-9782-76671611eb94}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/21 21:12:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/15 07:00:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 07:14:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 07:14:58 | 000,000,000 | ---D | M]

    [2009/06/30 20:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Extensions
    [2009/06/30 20:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2010/12/29 07:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions
    [2010/01/06 11:55:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{05b02a2e-7987-49bb-9782-76671611eb94}
    [2010/10/19 12:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/28 08:23:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/28 10:07:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2009/09/20 07:04:12 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\searchplugins\all-the-internet.xml
    [2009/09/20 07:02:06 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\Mozilla\Firefox\Profiles\3wb2np15.default\searchplugins\mozilla-add-ons.xml
    [2010/12/29 07:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/11 07:14:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/09/29 16:23:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2010/07/14 09:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/07/14 09:15:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)
    [2010/07/15 07:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/27 13:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/27 07:20:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/11 07:14:45 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2010/12/11 07:14:45 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/11 07:14:51 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2010/11/29 08:10:39 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/11/29 08:10:39 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2010/11/29 08:10:39 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/11/29 08:10:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2010/11/29 08:10:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2010/11/29 08:10:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/11/29 08:10:40 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2009/08/26 07:30:43 | 000,318,638 | R--- | M]) - C:\WINDOWS1\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 10930 more lines...
    O2 - BHO: (no name) - {05363A0D-727D-4739-9E97-F203C1B8FB71} - Reg Error: Value error. File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS1\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS1\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS1\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS1\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS1\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Value error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183210918734 (MUWebControl Class)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.ca/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.201.245.77
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS1\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS1\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS1\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS1\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS1\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS1\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS1\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS1\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS1\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS1\system32\userinit.exe) - C:\WINDOWS1\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS1\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS1\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS1\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS1\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS1\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS1\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS1\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS1\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS1\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS1\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS1\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS1\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS1\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS1\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS1\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS1\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS1\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS1\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS1\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS1\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS1\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS1\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/07/15 21:35:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/29 08:26:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS1\System32\dllcache\hidserv.dll
    [2010/12/29 08:26:31 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/28 15:05:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\OTL.exe
    [2010/12/28 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/12/27 07:20:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaws.exe
    [2010/12/27 07:20:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaw.exe
    [2010/12/27 07:20:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\java.exe
    [2010/12/26 22:40:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\TFC.exe
    [2010/12/26 09:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\bKiAj06300
    [2010/12/22 05:54:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS1\System32\dllcache\ndproxy.sys
    [2010/12/21 12:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS1\pss

    ========== Files - Modified Within 30 Days ==========

    [2010/12/29 08:33:22 | 000,000,444 | -H-- | M] () -- C:\WINDOWS1\tasks\User_Feed_Synchronization-{CD7C561E-CD87-4B48-86FD-B57044EC0576}.job
    [2010/12/29 08:33:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS1\System32\d3d9caps.dat
    [2010/12/29 08:31:58 | 000,000,330 | -H-- | M] () -- C:\WINDOWS1\tasks\MP Scheduled Scan.job
    [2010/12/29 08:29:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
    [2010/12/29 08:28:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
    [2010/12/29 08:28:10 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/29 07:59:27 | 000,083,989 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\sc.png
    [2010/12/28 15:05:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\OTL.exe
    [2010/12/28 12:46:51 | 000,000,323 | -HS- | M] () -- C:\boot.ini
    [2010/12/28 12:39:58 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/12/27 07:31:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS1\NeroDigital.ini
    [2010/12/26 23:08:04 | 000,192,976 | ---- | M] () -- C:\WINDOWS1\System32\FNTCACHE.DAT
    [2010/12/26 23:05:14 | 000,000,336 | ---- | M] () -- C:\WINDOWS1\LEXSTAT.INI
    [2010/12/26 22:40:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\TFC.exe
    [2010/12/26 19:11:01 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2010/12/24 10:02:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/22 06:09:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS1\imsins.BAK
    [2010/12/22 05:50:33 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\magicJack.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/12/29 07:44:24 | 000,083,989 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\sc.png
    [2010/12/28 12:38:08 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\HiJackThis.lnk
    [2010/12/26 22:15:20 | 1610,141,696 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/26 18:05:55 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2010/09/02 08:10:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS1\System32\MSVCTSCP.DLL
    [2010/06/13 21:15:55 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/06/10 15:31:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS1\System32\NtDirect.dll
    [2010/01/02 12:49:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\atscie.msi
    [2009/12/31 22:17:41 | 000,000,731 | ---- | C] () -- C:\WINDOWS1\wininit.ini
    [2009/08/09 19:56:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS1\EurekaLog.ini
    [2009/06/23 14:26:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS1\ITBackEnd.INI
    [2008/08/21 21:34:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS1\AEBFONT.INI
    [2008/07/14 21:34:39 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\fusioncache.dat
    [2008/06/23 17:46:46 | 000,000,137 | ---- | C] () -- C:\WINDOWS1\ANS2000.INI
    [2008/06/23 17:46:46 | 000,000,020 | -H-- | C] () -- C:\WINDOWS1\akebook.ini
    [2008/06/23 17:46:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS1\a3kebook.ini
    [2008/04/23 14:49:51 | 000,000,336 | ---- | C] () -- C:\WINDOWS1\LEXSTAT.INI
    [2007/11/16 16:45:03 | 000,245,760 | ---- | C] () -- C:\WINDOWS1\ddedll.dll
    [2007/11/16 16:43:52 | 000,000,043 | ---- | C] () -- C:\WINDOWS1\ib.ini
    [2007/11/02 07:18:42 | 000,051,304 | ---- | C] () -- C:\WINDOWS1\System32\drivers\atnt40k.sys
    [2007/09/09 08:33:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS1\System32\hpcoinst.dll
    [2007/08/21 11:06:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS1\NeroDigital.ini
    [2007/08/21 07:04:56 | 000,000,379 | ---- | C] () -- C:\WINDOWS1\ODBC.INI
    [2007/06/24 09:28:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS1\RtlRack.ini
    [2007/05/28 21:39:59 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/28 10:51:16 | 000,027,136 | ---- | C] () -- C:\WINDOWS1\toFront.dll
    [2007/05/28 10:51:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS1\GetIe.dll
    [2007/05/28 09:24:26 | 000,040,387 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.log
    [2007/05/28 08:56:10 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Local Settings\Application Data\FASTWiz.html
    [2007/05/26 02:23:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS1\ODBCINST.INI
    [2007/03/05 16:26:22 | 000,000,314 | ---- | C] () -- C:\Program Files\INSTALL.LOG
    [2003/06/20 07:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS1\System32\OUTLPERF.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Murray Grummitt.UNITED-18653590\Desktop\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2007.zip:SummaryInformation

    < End of report >
     
  15. Royal_Flush

    Royal_Flush Thread Starter

    Joined:
    Aug 6, 2009
    Messages:
    185
    I see in msconfig that the startup items which caused me to initiate this thread are now identified by numerous rectangular boxes and they no longer generate warnings when launching windows. Thanks so much.
    I wish you a Happy and Prosperous New Year [​IMG] JSntgRvr!
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/971144

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice