Multiple viruses? - Virus, Spyware, Malware Removal (2024)

Inline Attachment Follows: OTL.Txt
OTL logfile created on: 4/14/2010 8:54:41 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.24 Gb Total Space | 27.82 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYANGONG
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 22:53:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
PRC - [2008/04/21 05:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/04/08 22:53:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/02/10 09:15:44 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/25 08:44:36 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/19 12:26:54 | 000,455,944 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/06/03 10:44:52 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Stopped] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2009/03/18 17:35:28 | 000,106,496 | ---- | M] ( Pro-Softnet) [Auto | Stopped] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDriveWebM)
SRV - [2008/07/24 16:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2008/02/08 21:07:22 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/10/10 21:51:25 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/16 10:54:28 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/02/01 07:21:22 | 001,466,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/10 01:00:30 | 000,135,168 | ---- | M] (Xerox Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE -- (XCPSSDB)
SRV - [2007/01/10 01:00:30 | 000,090,112 | ---- | M] (Xerox Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE -- (XCPSPWD)
SRV - [2004/07/17 00:26:44 | 000,126,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
SRV - [2003/12/04 10:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)

========== Driver Services (SafeList) ==========

DRV - [2010/04/14 01:21:53 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/04/12 07:09:14 | 000,014,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/02/27 03:09:10 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 03:09:10 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 03:09:10 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/10 09:15:59 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/02/10 09:14:51 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/02/10 09:14:39 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/02/10 09:13:39 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/01/01 15:48:24 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/21 18:22:56 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2009/10/14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 20:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 15:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/07 00:35:45 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/05/07 14:29:04 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/04/30 14:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/01 00:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/17 09:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/02/08 21:07:22 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/01/20 00:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/11/01 00:17:42 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/08/01 13:15:00 | 006,835,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/17 17:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 17:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 17:46:08 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/16 17:39:42 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/16 16:15:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/20 14:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/05/24 11:59:14 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/26 12:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 12:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 12:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 12:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 12:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 12:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 12:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/03/26 08:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/31 16:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 16:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 16:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/08/28 13:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 09:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/11/02 04:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nowmemdf.sys -- (NOWMEMDF)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/04/09 06:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\penclass.sys -- (PenClass)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.18
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0
FF - prefs.js..extensions.enabledItems: [emailprotected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: [emailprotected]:0.4.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: [emailprotected]:3.5.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 21:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 23:56:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/01 12:28:04 | 000,000,000 | ---D | M]

[2009/09/01 00:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
[2010/04/08 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions
[2009/11/04 12:40:14 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/04 21:48:48 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/01 00:43:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 21:48:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/19 21:16:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/19 21:16:14 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/12/08 00:28:47 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009/12/07 03:33:12 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/02/19 21:16:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/04 21:48:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/11 00:31:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/04 23:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\[emailprotected]
[2009/12/29 11:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\[emailprotected]
[2009/11/04 12:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\[emailprotected]
[2010/04/08 22:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/01 12:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[emailprotected]
[2009/07/17 01:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/04/07 19:38:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [AP Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [XCPSPSP] C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE (Xerox Co., Ltd.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Ryan\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: reelfx.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: erightsoft.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reelfx.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: reelfx.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: reelfx.com ([insight] https in Trusted sites)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://127.0.0.1:227...t9150391510.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} http://www.congnamul...amulMap_V17.cab (CongnamulMap Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 10:28:51 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 15:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RICOH Gate La.lnk - C:\Program Files\Caplio Software\RGateLXP.exe - (Ricoh Company, Ltd.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^IDrive Tray.lnk - C:\Program Files\IDrive\IDriveEReg2ini.exe - (Pro Softnet Corp.)
MsConfig - StartUpFolder: C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: IDriveE Startup - hkey= - key= - C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: Second Copy - hkey= - key= - C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
SafeBootNet: hitmanpro35.sys - C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {054BCE4F-CBFD-AAB3-A30E-C25DF0B11926} - Internet Explorer
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {594A9557-388B-A7E3-D22C-54B9410F1CCD} - NetShow
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - Security Update for Microsoft .NET Framework 2.0 (KB928365)
ActiveX: {84DD6541-1962-F7D2-80D8-AD28DDB36A7F} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9361D427-4230-3A7D-8F33-B5974DCB7EF4} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B2DFC8D6-93DA-459E-250A-187D1D565B5A} - Dynamic HTML Data Binding for Java
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B8D596CF-1FC3-4D8D-32FA-977B6F13ADFB} - Microsoft VM
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MFZ0 - C:\WINDOWS\System32\MyFlashZip0.ax (Moyea Inc.)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 01:22:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/14 01:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/04/14 01:03:03 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/04/13 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/13 01:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Combo
[2010/04/08 22:53:37 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2010/04/08 00:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\gmer
[2010/04/08 00:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\GooredFix Backups
[2010/04/08 00:25:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/08 00:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\tdsskiller
[2010/04/08 00:22:55 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Ryan\Desktop\GooredFix.exe
[2010/04/08 00:22:40 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 00:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\SysRestorePoint_v13
[2010/04/08 00:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\erunt
[2010/04/08 00:19:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\TFC.exe
[2010/04/07 23:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/07 23:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/07 23:47:12 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Ryan\Desktop\HitmanPro35.exe
[2010/04/07 21:50:04 | 008,354,440 | ---- | C] (Mozilla) -- C:\Documents and Settings\Ryan\Desktop\Firefox Setup 3.6.3.exe
[2010/04/07 01:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 01:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 00:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/06 22:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\DMV
[2010/04/04 21:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Adobe
[2009/05/14 22:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 22:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[2008/11/26 01:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/03 18:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xi
[2008/09/29 23:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2008/09/29 23:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/29 23:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/09/29 23:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2008/09/29 23:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/09/09 21:08:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/08/17 21:03:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ryan\Application Data\pcouffin.sys
[2007/11/02 23:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/10/26 07:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/18 20:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2004/08/11 15:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/14 08:53:41 | 000,651,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/14 08:53:41 | 000,531,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/14 08:53:41 | 000,106,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/14 08:52:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/14 08:49:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/14 02:14:57 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Ryan\ntuser.dat
[2010/04/14 01:43:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4063559845-2940712971-3049920660-1005UA.job
[2010/04/14 01:21:53 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/14 01:21:26 | 000,115,024 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/14 01:20:48 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/04/14 01:20:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/14 00:56:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ryan\ntuser.ini
[2010/04/14 00:49:16 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 00:48:28 | 000,004,448 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\instructions.rtf
[2010/04/14 00:47:29 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\HelpAsst_mebroot_fix.exe
[2010/04/14 00:42:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/14 00:42:16 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/13 09:43:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4063559845-2940712971-3049920660-1005Core.job
[2010/04/12 21:25:32 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\HAMeb_check.exe
[2010/04/12 07:09:20 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Document.rtf
[2010/04/12 07:09:14 | 000,014,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2010/04/08 23:43:27 | 000,007,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/08 22:53:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2010/04/08 00:48:18 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\gmer.zip
[2010/04/08 00:40:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ryan\Desktop\~$todo.rtf
[2010/04/08 00:32:36 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Ryan\Desktop\GooredFix.exe
[2010/04/08 00:23:13 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2010/04/08 00:22:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 00:20:08 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2010/04/08 00:19:57 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\SysRestorePoint_v13.zip
[2010/04/08 00:19:51 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\TFC.exe
[2010/04/07 23:56:37 | 000,000,376 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/07 23:47:20 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/07 23:47:12 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Ryan\Desktop\HitmanPro35.exe
[2010/04/07 21:50:48 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/07 21:50:05 | 008,354,440 | ---- | M] (Mozilla) -- C:\Documents and Settings\Ryan\Desktop\Firefox Setup 3.6.3.exe
[2010/04/07 19:40:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/07 19:38:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/07 01:27:02 | 003,908,515 | R--- | M] () -- C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
[2010/04/07 01:26:12 | 000,012,422 | -HS- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\2577180388
[2010/04/07 01:25:55 | 000,012,434 | -HS- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\4019432185
[2010/04/07 01:25:55 | 000,012,434 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2577180388
[2010/04/07 01:25:50 | 000,012,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4019432185
[2010/04/07 01:25:50 | 000,012,422 | -HS- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\3Yfi
[2010/04/07 01:07:22 | 000,012,414 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/07 01:04:34 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/07 00:31:48 | 000,033,217 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\movies.rtf
[2010/04/04 22:33:20 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Kai.doc
[2010/04/04 22:33:20 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\taxes2009.doc
[2010/04/04 22:33:20 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\expenses2009.xls
[2010/04/04 22:33:20 | 000,000,476 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\todo.rtf
[2010/04/04 22:33:10 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\finance2009Q1(2).xls
[2010/04/04 22:33:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\wave2.rtf
[2010/04/04 21:50:17 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.4.lnk
[2010/04/04 09:58:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/04 09:44:03 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/14 01:06:48 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\Ryan\mbr.log
[2010/04/14 00:48:28 | 000,004,448 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\instructions.rtf
[2010/04/14 00:47:29 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\HelpAsst_mebroot_fix.exe
[2010/04/12 21:25:32 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\HAMeb_check.exe
[2010/04/12 07:09:19 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Document.rtf
[2010/04/08 23:42:29 | 000,007,062 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\olV3RohQ
[2010/04/08 23:42:29 | 000,007,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olV3RohQ
[2010/04/08 00:48:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\gmer.zip
[2010/04/08 00:40:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ryan\Desktop\~$todo.rtf
[2010/04/08 00:23:12 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2010/04/08 00:20:08 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2010/04/08 00:19:56 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\SysRestorePoint_v13.zip
[2010/04/07 23:56:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/07 23:47:27 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/07 23:47:20 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/07 01:26:57 | 003,908,515 | R--- | C] () -- C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
[2010/04/07 01:26:11 | 000,012,422 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\2577180388
[2010/04/07 01:25:45 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\4019432185
[2010/04/07 01:25:45 | 000,012,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2577180388
[2010/04/07 01:25:39 | 000,012,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4019432185
[2010/04/07 01:25:39 | 000,012,422 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\3Yfi
[2010/04/07 01:04:38 | 000,012,414 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3Yfi
[2010/04/07 01:04:38 | 000,012,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/07 01:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/07 00:01:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/04 22:34:05 | 000,033,217 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\movies.rtf
[2010/04/04 22:34:05 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Kai.doc
[2010/04/04 22:34:05 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\taxes2009.doc
[2010/04/04 22:34:05 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\expenses2009.xls
[2010/04/04 22:34:05 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\todo.rtf
[2010/04/04 21:50:17 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.4.lnk
[2010/04/04 09:58:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/06 00:02:59 | 000,000,031 | ---- | C] () -- C:\WINDOWS\ Connection to the server failed.IDriveE.ini
[2009/10/22 00:26:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Ryan\Adobe Encore_AME.pref
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/31 22:02:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2009/06/13 02:49:03 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\hname.sys
[2009/06/11 07:59:32 | 000,000,068 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2009/06/11 07:58:48 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/06/11 07:58:41 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/06/11 07:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/06/11 07:58:30 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009/04/18 00:36:40 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/17 21:03:35 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.log
[2008/08/17 21:03:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.cat
[2008/08/17 21:03:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.inf
[2008/06/14 14:02:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Ryan\Application Data\0048543174ed44531a61cb8be3a34b666aeef89518e966ef01.dat
[2008/06/01 04:33:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/06/01 04:31:23 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2008/06/01 04:31:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2008/06/01 04:29:33 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/06/01 04:29:33 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/06/01 04:19:24 | 000,000,162 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 2400 Photo.ini
[2008/06/01 00:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/05/18 13:13:06 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/02/28 22:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/02/21 01:44:23 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/08 04:47:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/02/08 04:47:49 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/02/08 04:47:48 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/02/07 02:24:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2008/02/01 09:36:12 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\Ryan\AdobeCS3Clean.log
[2008/01/27 19:41:03 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/01/27 19:41:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/22 11:08:11 | 013,107,200 | ---- | C] () -- C:\Documents and Settings\Ryan\ntuser.dat
[2008/01/06 05:32:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\fusioncache.dat
[2007/11/23 02:22:01 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/11/23 02:07:56 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Ryan\SmartTraceLevel.txt
[2007/11/18 07:19:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2007/11/04 05:34:42 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SUPPORT.INI
[2007/11/03 11:43:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/11/03 11:20:52 | 000,000,418 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/11/03 11:20:48 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/11/01 21:24:18 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/11/01 00:17:42 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/11/01 00:17:30 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2007/10/26 21:38:29 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/26 21:38:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/18 22:18:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/17 08:53:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/17 08:53:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/10/16 20:26:58 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/15 21:46:52 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Ryan\wave_license.txt
[2007/10/15 21:46:51 | 000,188,416 | -H-- | C] () -- C:\Documents and Settings\Ryan\ntuser.dat.LOG
[2007/10/15 21:46:51 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Ryan\ntuser.ini
[2007/10/15 21:46:38 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2007/10/15 21:46:38 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2007/10/10 21:53:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/10 21:51:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/10/10 21:44:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/10/10 21:44:46 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/10 21:40:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/10/10 21:37:33 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/10/10 21:35:53 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/10/10 21:35:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/10/10 21:30:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/10/10 21:30:51 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/10/10 21:10:33 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/10 21:10:33 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/10 21:10:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/10 21:10:31 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/10 21:10:15 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/10/10 21:09:10 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/28 15:32:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/02/28 15:30:56 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/02/16 12:07:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/02/16 12:02:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/02/16 11:59:56 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/02/16 11:59:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/02/16 11:59:40 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/02/16 11:59:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/02/16 11:59:22 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/02/16 11:59:12 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/02/16 11:59:02 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/02/16 11:58:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/02/16 11:58:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/02/16 11:58:34 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/02/16 09:09:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/02/16 09:08:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/02/16 09:08:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/02/16 09:08:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/02/16 09:07:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/02/16 09:07:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/02/16 09:07:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/02/16 09:06:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/02/16 09:06:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/02/16 09:06:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/02 07:14:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/11/07 02:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/16 07:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2006/08/14 09:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2005/09/02 12:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 19:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 10:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 10:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 15:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 12:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/05/07 02:12:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll

========== LOP Check ==========

[2009/08/07 00:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/11/27 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/02/04 10:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/19 00:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/09/11 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2007/10/18 20:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/04/07 23:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/02/08 04:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2007/10/10 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2008/02/01 00:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oldFLEXnet
[2008/10/13 22:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/24 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VoxCode
[2007/10/10 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2007/10/29 01:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/13 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/11 19:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 18:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/07 00:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acronis
[2009/11/27 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Autodesk
[2009/12/02 01:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\avidemux
[2008/02/07 04:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Bytescout SWF To Video Scout
[2008/08/19 22:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\dBpoweramp
[2010/02/10 00:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2008/08/17 22:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDFab
[2008/06/01 04:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EPSON
[2008/09/11 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Genie-soft
[2008/02/07 04:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GeoVid
[2007/10/18 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GlobalSCAPE
[2009/12/08 01:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GrabPro
[2007/11/23 02:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ICAClient
[2010/02/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ImgBurn
[2008/06/01 04:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2008/12/08 20:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mjusbsp
[2008/02/07 04:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Moyea
[2009/12/08 01:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Orbit
[2008/02/09 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Pegasys Inc
[2007/10/27 02:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RhinoSoft.com
[2008/01/29 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2008/06/01 04:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smart Panel
[2008/08/05 23:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SorensonMedia
[2008/08/19 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Thinstall
[2009/04/02 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UseNeXT
[2009/12/24 20:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uTorrent
[2009/06/02 09:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Vso
[2010/04/13 00:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Wave Systems Corp
[2007/10/18 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Windows Desktop Search
[2008/06/07 16:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Xi
[2008/08/20 00:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Xilisoft Corporation

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009/08/07 00:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/04/04 21:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/06/08 12:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/06/06 03:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/03/03 09:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/27 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/01/31 00:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/10/10 21:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/01/29 23:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/11/27 11:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/02/04 10:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/19 00:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/09/11 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2007/10/18 20:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/04/17 23:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/02/21 01:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/04/07 23:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/02/21 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/02/21 01:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/02/21 01:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2007/10/10 21:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/04/14 01:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/01/01 12:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/04/25 10:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/10/27 23:40:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/04 10:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/02/08 04:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2007/10/10 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2007/12/16 20:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/02/09 22:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/02/01 00:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oldFLEXnet
[2007/10/15 22:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/08/11 15:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/10 21:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/02/13 02:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/26 21:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/13 01:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/13 22:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/24 23:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VoxCode
[2007/10/10 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/02/21 01:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2007/10/18 00:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/10/29 01:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/13 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/11 19:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 18:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/02/05 22:05:49 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2009/11/20 16:52:22 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
[2009/10/07 16:43:52 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\AirPort 5.5.0.17\SetupAdmin.exe
[2009/11/19 12:14:32 | 004,732,800 | ---- | M] (Pure Digital Technologies Inc.) -- C:\Documents and Settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
[2008/07/29 09:44:02 | 000,070,992 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
[2009/10/20 09:54:20 | 000,059,992 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
[2010/04/04 09:41:11 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2008/08/19 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\AccurateRip
[2009/08/07 00:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acronis
[2010/04/04 21:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Adobe
[2009/09/12 11:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Apple Computer
[2009/11/27 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Autodesk
[2009/12/02 01:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\avidemux
[2008/02/07 04:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Bytescout SWF To Video Scout
[2008/01/31 00:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\CyberLink
[2008/08/19 22:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\dBpoweramp
[2007/10/15 21:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dell
[2007/10/26 21:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DivX
[2010/02/10 00:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2009/12/18 04:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\dvdcss
[2008/08/17 22:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDFab
[2008/06/01 04:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EPSON
[2008/09/11 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Genie-soft
[2008/02/07 04:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GeoVid
[2007/10/18 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GlobalSCAPE
[2007/11/02 23:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Google
[2009/12/08 01:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GrabPro
[2008/02/02 15:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Help
[2009/10/08 00:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HP
[2008/02/21 01:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HPAppData
[2007/11/23 02:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ICAClient
[2004/08/11 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Identities
[2010/02/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ImgBurn
[2007/10/10 21:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\InstallShield
[2008/06/01 04:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2007/10/16 00:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Macromedia
[2009/04/25 10:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
[2007/10/17 00:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Media Player Classic
[2009/10/07 00:09:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Ryan\Application Data\Microsoft
[2009/01/04 15:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mIRC
[2008/12/08 20:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mjusbsp
[2008/02/07 04:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Moyea
[2009/09/01 00:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla
[2009/12/08 01:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Orbit
[2008/02/09 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Pegasys Inc
[2008/04/19 13:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Real
[2007/10/27 02:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RhinoSoft.com
[2008/01/29 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2007/10/25 03:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Roxio
[2008/06/01 04:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smart Panel
[2008/04/15 22:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SmartFTP
[2008/08/05 23:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SorensonMedia
[2007/10/19 04:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sun
[2010/02/13 01:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SUPERAntiSpyware.com
[2008/08/19 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Thinstall
[2009/11/24 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\U3
[2009/04/02 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UseNeXT
[2009/12/24 20:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uTorrent
[2007/10/23 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\vlc
[2009/06/02 09:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Vso
[2010/04/13 00:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Wave Systems Corp
[2007/10/18 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Windows Desktop Search
[2007/10/17 00:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\WinRAR
[2008/06/07 16:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Xi
[2008/08/20 00:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Xilisoft Corporation

< %APPDATA%\*.exe /s >
[2009/09/25 15:13:12 | 026,801,794 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
[2009/10/08 09:03:13 | 000,089,813 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Uninstall.exe
[2008/08/18 21:39:17 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{25EEBED4-8CA8-412D-9B5E-690359EEE630}\ARPPRODUCTICON.exe
[2009/04/17 22:13:51 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\ARPPRODUCTICON.exe
[2009/04/17 22:13:51 | 000,131,072 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut1_3254FD51991048C4AC9BAF3691C1544C.exe
[2009/04/17 22:13:51 | 000,131,072 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut3_3254FD51991048C4AC9BAF3691C1544C.exe
[2008/02/02 14:38:55 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{5D8D5765-5F02-4F5D-ADC0-72EE19358716}\_18be6784.exe
[2007/10/10 21:35:20 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{9556CFD4-3F7E-4D1C-958B-759703E9CC21}\ARPPRODUCTICON.exe
[2008/08/22 05:43:50 | 000,050,520 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\cdloader2.exe
[2008/08/22 05:43:18 | 011,724,120 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\magicJack.exe
[2008/08/22 05:46:54 | 000,405,496 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\magicJackLoader.exe
[2008/08/22 05:43:48 | 000,456,040 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\magicJackSplash.exe
[2008/02/29 05:42:42 | 000,386,496 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ar00000\magicJackSplash.exe
[2008/02/29 05:44:44 | 000,083,288 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ar00000\mjsetup.exe
[2008/12/08 20:35:55 | 008,733,344 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ar00000\upgrade.exe
[2008/08/22 05:43:48 | 000,456,040 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\in00000\magicJackSplash.exe
[2008/08/22 05:45:14 | 000,083,288 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\in00000\mjsetup.exe
[2008/08/22 05:46:58 | 007,397,344 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\in00000\setup.exe
[2008/08/22 05:43:48 | 000,456,040 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\st00000\magicJackSplash.exe
[2008/08/22 05:46:22 | 000,083,288 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\st00000\mjsetup.exe
[2008/08/22 05:45:18 | 000,714,376 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ug00000\install.exe
[2008/08/22 05:43:48 | 000,456,040 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ug00000\magicJackSplash.exe
[2008/08/22 05:46:58 | 007,397,344 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\ug00000\setup.exe
[2008/08/22 05:45:18 | 000,714,376 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\Upgrade\install1.exe
[2008/08/22 05:46:58 | 007,397,344 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Ryan\Application Data\mjusbsp\Upgrade\setup1.exe
[2009/10/20 19:57:36 | 000,177,024 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\FlashGot.exe
[2009/03/20 00:57:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
[2009/09/03 11:53:00 | 000,268,632 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
[2009/09/03 11:53:00 | 000,019,792 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009/09/03 11:53:00 | 000,022,848 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1zgv2jgc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
[2009/05/27 19:07:13 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Ryan\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
[2008/01/28 00:36:22 | 000,643,072 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me\updater\ri4mupdater.exe
[2008/08/19 22:46:39 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Thinstall\Total Video Converter 3.11 070908\1000000600002h\regsvr32.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/29 15:51:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/29 15:51:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/29 15:51:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/29 15:51:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/04/08 00:35:49 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/16 17:39:40 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\storage\R154200\iastor.sys
[2007/07/16 17:39:42 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\i386\iastor.sys
[2007/07/16 17:39:42 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


FAQs

How do I get rid of multiple viruses? ›

Removing a virus from a PC
  1. Download and install antivirus software. There are two main types of antivirus software that can detect and remove computer viruses and malware: real-time and on-demand. ...
  2. Run a virus scan. ...
  3. Delete or quarantine infected files. ...
  4. Restart your computer.
Dec 22, 2022

How do I get rid of fake Microsoft virus alerts? ›

For these reasons, we strongly advise you to ignore the "VIRUS ALERT TO MICROSOFT" message and never call the telephone number. This error can be removed simply by closing the web browser (preferably, using Task Manager) or rebooting the system (some websites employ scripts that prevent users from closing the browser).

What are the 4 main types of malware? ›

As part of an organization's security and data protection program, it should have a plan in place that, at minimum, mitigates risk to systems and networks arising from four common types of malicious software: trojans, spyware, viruses, and ransomware.

How do I remove spyware and viruses from my phone? ›

  1. Step 1: Make sure Google Play Protect is turned on. Open the Google Play Store app. ...
  2. Step 2: Check for Android device & security updates. Get the latest Android updates available for you. ...
  3. Step 3: Remove untrusted apps. ...
  4. Step 4: Do a Security Checkup.

How do I remove hidden viruses from my computer? ›

If your PC has a virus, following these ten simple steps will help you to get rid of it:
  1. Step 1: Download and install a virus scanner. ...
  2. Step 2: Disconnect from internet. ...
  3. Step 3: Reboot your computer into safe mode. ...
  4. Step 4: Delete any temporary files. ...
  5. Step 5: Run a virus scan. ...
  6. Step 6: Delete or quarantine the virus.

Can you remove a virus yourself? ›

The easiest way to remove viruses is by using an antivirus program designed to clean your system safely. If a virus is already on your computer, however, you may need to run this program under very specific conditions.

How to remove all viruses without paying? ›

Free virus detection software from a reputable provider like Avast is the best way to perform a free virus scan, online as well as off. We'll automatically detect, block, and remove viruses and other malware from your devices.

Why do I keep getting fake virus notifications? ›

These pop-ups claim that your device is infected and requires cleaning. Since there is no way for these web pages to scan your device to determine the actual status of your mobile device, they are considered advertisements, or scareware. To block these pop-ups, close the web page that triggered the alert.

Why do I keep getting fake virus notifications on my computer? ›

These are not real virus alerts from your anti-virus software, rather Microsoft Edge or Google Chrome web push notifications that have been allowed while browsing the web - that aim to mislead users to download software to remove the alleged virus.

How do I get rid of fake Microsoft malicious software removal tool? ›

To remove Fake Microsoft Windows Malicious Software Removal Tool, follow these steps:
  1. STEP 1: Print out instructions before we begin.
  2. STEP 2: Use Rkill to terminate suspicious programs.
  3. STEP 3: Use Malwarebytes AntiMalware to Scan for Malware and Unwanted Programs.
  4. STEP 4: Use HitmanPro to scan your computer for badware.
Jul 13, 2009

What can a hacker do with malware? ›

Even at home, you aren't always safe. Malicious hackers can easily hack your Wi-Fi network, take over remote access of your computer, or hack your passwords with phishing attacks. To protect your personal information, sensitive documents, and financial accounts, you need to secure your personal devices.

What are the 3 common malware attacks? ›

Malware comes in many forms but the most common types are: Viruses. Keyloggers. Worms.

Can you tell if your phone is being monitored? ›

However, if someone is spying on your phone, there are common signs you can look out for. You may notice a rapid increase in your phone's data usage, suspicious files or applications, or strange text messages that you don't remember sending. Your device may also show signs of malfunctioning behavior.

What are spy apps disguised as? ›

Spyware often accompanies programs that are disguised as useful software, such as download managers, registry cleaners, and so on. Sometimes, it comes packaged with video games. It may even come packaged in a software bundle with real, useful programs.

Do I have hidden spyware on my phone? ›

The easiest way to find hidden spyware or other malicious software on your phone is by using security scan apps such as Certo Mobile Security, which can be downloaded from the Google Play Store for free.

Where is computer virus usually hidden? ›

A computer virus is a computer program, usually hidden within another program, that produces copies of itself and inserts them into other programs or files. Viruses usually perform a malicious activity such as deleting your files.

Where are viruses hidden? ›

Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you might download.

How to find malware using command prompt? ›

Type attrib -r -a -s -h *.

The "attrib" command forces all hidden, read-only, archived, and system files to display in Command Prompt, and the "-r -a -s -h *.

What kills viruses naturally? ›

Using Vitamins and Minerals to Fight Viruses and Support Immunity
  • Vitamin D: Vitamin D, commonly known for its role in bone health, also helps make proteins that kill viruses and bacteria, especially in the respiratory tract. ...
  • Vitamin C: ...
  • Zinc: ...
  • Polyphenols: ...
  • Potassium: ...
  • Probiotics: ...
  • Supplement Wisely.

What is a good virus remover? ›

The Best Malware Removal Software Available
  • Norton 360.
  • Kaspersky Antivirus.
  • Malwarebytes Anti-Malware.
  • Trend Micro Antivirus Plus Security.
  • TotalAV.
  • Bitdefender.
  • Webroot Antivirus.
  • Avast.

Will resetting PC remove virus? ›

Running a factory reset, also referred to as a Windows Reset or reformat and reinstall, will destroy all data stored on the computer's hard drive and all but the most complex viruses with it. Viruses can't damage the computer itself and factory resets clear out where viruses hide.

Is there a truly free malware removal tool? ›

The easiest way to remove malware from your computer is to use a free virus removal tool like Avast One, which scans for and removes existing malware, as well as prevents future infections. Avast One is compatible with all devices, so you can scan for, detect, and remove malware on Mac, iPhone, and Android too.

Which software is used to remove virus from computer system? ›

Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

How to remove virus without antivirus using command prompt? ›

How to Remove Virus Using CMD
  1. Type cmd in the search bar, right-click "Command Prompt" and choose "Run as an administrator".
  2. Type F: and press "Enter".
  3. Type attrib -s -h -r /s /d *.
  4. Type dir and hit "Enter".
  5. For your information, a virus name may contain words like "autorun" and have ".inf" as the extension.
Feb 22, 2023

What do fake virus pop-ups look like? ›

These alerts are often called “virus alerts” or “error messages.” They appear as boxes or windows with scary-looking text and images that claim your computer is infected. They may also be advertising banners, fake error messages, or other types of alerts that warn you about a virus.

Does Google tell you if you have a virus? ›

No. When Google says you have a virus on your phone, you are being scammed. Specifically, cybercriminals are trying to trick you into installing malware, submitting personal data, or paying for virus removal. Unfortunately, fake virus warnings on Android phones are very common these days.

What does a fake virus notification look like? ›

Fake virus warnings commonly appear on your screen as pop-ups warning you about some urgent malware threat and encouraging you to act immediately and download their product. Fake virus warnings can also appear as fake spyware warnings or fake system notifications.

Are virus warning pop-ups real? ›

If a pop-up claims that you have a virus and you need to pay to get rid of it, it's definitely a scam. Legitimate antivirus software companies don't work like this. They offer a subscription to protect your device, and they don't chase you around the web asking you to pay.

Why do I keep getting malware pop-ups? ›

Pop-up ads on Chrome most likely keep appearing because the browser has been infected with a virus. It can be either a browser hijacker which changes the browser settings, or adware. In the latter case, pop-up ads are appearing not only on your browser but also while using the device in general.

Is the virus warning on my computer real? ›

A pop-up window claiming to have scanned your computer and found evidence of viruses would cause anyone alarm. However, if it comes from a company or program other than your own security software, or if it appears in a different format than you're used to, then tread carefully, as it's likely to be a scam.

Should I disable malicious software removal tool? ›

You do not have to disable or remove your antivirus program when you install the MSRT. However, if prevalent, malicious software has infected your computer, the antivirus program may detect this malicious software and may prevent the removal tool from removing it when the removal tool runs.

Does Windows 10 Malicious Software Removal Tool run automatically? ›

So long as you have Windows Updates enabled on your system, you can trust that this tool will run automatically by itself.

How do I block fake virus warnings in Windows 10? ›

Close Your Web Browser — “Virus Alert from Microsoft” always shows in your web browser. So first, try to close your web browser normally. If that doesn't work, press “Ctrl+Shift+Delete” to open your Task Manager. Find your web browser among the running processes, and click “End Task” to force it to close.

What is the hardest malware to detect? ›

Rootkits. The rootkit malware is dangerous and extremely hard to detect.

What is the deadliest malware? ›

1. Mydoom. Considered by many to be the most dangerous computer virus in history, the Mydoom virus caused around $38 billion worth of damage in 2004.

What is the king of malware? ›

EMOTET first emerged in 2014 and quickly became one of the most dangerous botnets of the last decade. The so-called King of Malware, it rampaged across the world infecting computers through emails, incurring significant damage.

Can hackers see you through your phone camera? ›

Can hackers watch through your camera? If a hacker installs spyware on your phone then there is a good chance they will be able to access your camera and turn it on/off as they please. They may also be able to access any photos or videos you have previously taken.

Which malware is used by hackers to spy? ›

Spyware. Spyware collects information about users' activities without their knowledge or consent. This can include passwords, pins, payment information and unstructured messages. The use of spyware is not limited to the desktop browser: it can also operate in a critical app or on a mobile phone.

Can malware spy on you? ›

Spyware. Although it sounds like a James Bond gadget, it's actually a type of malware that infects your PC or mobile device and gathers information about you, including the sites you visit, the things you download, your usernames and passwords, payment information, and the emails you send and receive.

What is the malicious code? ›

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

What is an example of a malicious code? ›

Taking advantage of common system vulnerabilities, malicious code examples include computer viruses, worms, Trojan horses, logic bombs, spyware, adware, and backdoor programs. Visiting infected websites or clicking on a bad email link or attachment are ways for malicious code to sneak its way into a system.

How can I tell if my phone is being monitored by a spy app? ›

9 Signs You Have Spyware on Your Phone
  • You Use Too Much Data. ...
  • Your Battery Is Draining Fast. ...
  • Your Phone Is Overheating. ...
  • You Hear Weird Sounds During Calls. ...
  • Your Phone Feels Sluggish. ...
  • You Notice Suspicious Changes and Charges. ...
  • Your Phone Shows Signs of Activity When in Stand-By Mode. ...
  • Your Phone Takes a Long Time to Shut Down.
Feb 5, 2023

Does *# 21 tell you if your phone is tapped? ›

You can find out if your phone has been tapped using unconditional data forwarding with the help of MMI codes. On GSM networks, dial *#21# to list, and ##21# to clear your unconditional data forwarding settings. CDMA network customers can view and modify these settings too by dialing **21*.

Is my partner monitoring my phone? ›

The signs/symptoms that your phone is being spied on.
  • Your phone feels sluggish. Hacking software (commonly called 'Spyware') can be very resource intensive on your device. ...
  • The battery is draining too fast. ...
  • High data usage. ...
  • Suspicious activity.
Jan 17, 2023

What does hidden spyware look like? ›

You'll see a small teardrop symbol in your phone's notification bar when an app is using your device location. If you see this appear when you're not using apps allowed to access location data, this could indicate spyware is running and tracking your location.

What apps should not be on my phone? ›

Dangerous Android Apps You Should Stay Away From
  • UC Browser.
  • CLEANit.
  • Dolphin Browser.
  • Virus Cleaner - Antivirus Free & Phone Cleaner.
  • SuperVPN Free VPN Client.
  • RT News.
  • Super Clean - Master of Cleaner.
  • Fildo Music.
Dec 27, 2021

How do you tell if someone has hidden apps on their phone? ›

From the app drawer, tap the three dots in the upper-right corner of the screen. Tap Hide apps. The list of apps that are hidden from the app list displays. If this screen is blank or the Hide apps option is missing, no apps are hidden.

What is the 3 digit number to see if your phone is tapped? ›

Press *#*#4636#*#* or *#*#197328640#*#* to see if anyone is watching your movements. These are Utility Net Monitor Codes. Dialing these codes can tell you if you're being tracked or monitored through your mobile phone.

How do I clean spyware off my phone? ›

Remove any spyware by restoring your Android to its factory settings
  1. Go to Settings.
  2. Select Backup and reset.
  3. Select Factory data reset.
  4. Tap Reset phone.
  5. Confirm your action by typing your PIN or password.
  6. Decide if you wish your phone to restore from backup or start fresh.

How do I know if my phone has spyware malware? ›

10 signs a mobile device has been infected with malware
  1. Slow performance. ...
  2. Random reboots. ...
  3. Strange text messages. ...
  4. Overheating. ...
  5. Unusually high data usage. ...
  6. Unfamiliar apps in the device app list. ...
  7. Battery draining fast. ...
  8. Taking a long time to shut down.
Nov 1, 2022

How do I find hidden antivirus on my computer? ›

Users using the classic start menu: Start > Settings > Control Panel > Security Center. Users using start menu: Start > Control Panel > Security Center.

What is an example of a hidden virus? ›

The virus that causes cold sores is an example of a hidden virus. It can remain inactive for months or years inside nerve cells in the face. While hidden, the virus causes no symptoms.

How do I see all my viruses? ›

The best way to check for malware on your phone is to use a mobile security app like free AVG Antivirus for Android. Run a scan. After installing AVG Antivirus, open the app and run an antivirus scan to find malware hidden in your device's system.

How do I track a device using Command Prompt? ›

The easiest way to do this is with the “tracert” command in the command prompt.
...
How to Trace an IP Address Using the Command Prompt
  1. Open the Command Prompt. ...
  2. Ping the Website You Want to Trace. ...
  3. Run the “Tracert” Command on the IP. ...
  4. Put These IPs Into an IP Lookup Tool.
May 31, 2022

How to get system information remotely in cmd? ›

SystemInfo is a built-in Windows command-line tool that displays some basic info about not only your local computer but any remote computers on the same network as well. Simply use the /s switch in the command followed by the name of the remote computer, like below.

What causes multiple viral infections? ›

In adults, recurrent infections are usually due to an anatomic lesion, a functional disorder, or to a secondary cause of immunosuppression.

Why do I keep getting viruses one after the other? ›

Your immune system is compromised

Having an immune system disorder means that your immune system is less able to fight off bacterial and viral infections. Individuals with immune system disorders get sick more often and for longer than those without them.

How do I get rid of multiple viruses on my iPhone? ›

How to Get Rid of Viruses From an iPhone
  1. Delete Suspicious Apps. Inspect the apps on your phone and ask yourself if any of them seem suspicious. ...
  2. Clear Website Data and Browsing History. It's essential to know how to clear your website data because an iPhone virus can still live in this form of storage. ...
  3. Restart Your iPhone.

Why do I have 3 viruses? ›

"Your System Is Infected With 3 Viruses!" is a fake alert stating that a Mac computer is infected with some viruses. This (and other) fake messages are often displayed on untrustworthy, deceptive websites that trick people into purchasing software or services.

What does it mean when you have multiple infections at once? ›

Co-infection occurs when two or more infectious agents infect the same person at the same time, and it is highly concerning with regards to respiratory diseases such as COVID-19, influenza (flu) and Respiratory Syncytial Virus (RSV).

Why do I get recurring viruses? ›

Reactivation of a latent infection may be triggered by various stimuli, including changes in cell physiology, superinfection by another virus, and physical stress or trauma. Host immunosuppression is often associated with reactivation of a number of persistent virus infections.

How many infections is too many? ›

Recurrent infections are infections that are too great in number, too severe, or too long lasting. Recurrent infections are defined as two or more severe infections in one year, three or more respiratory infections (eg, sinusitis, otitis, bronchitis) in one year, or the need for antibiotics for two months/year.

Why is my immune system so weak? ›

Bad diet rich in saturated fats, sugar, and salt, smoking and drinking alcohol, too much or not enough physical exercise, bad hygiene (especially not washing your hands well), stress and lack of having fun and relaxation have a negative impact on our immune system.

Why am I constantly ill? ›

A lack of sleep, poor diet, anxiety, or stress can often cause a person to feel sick. These factors can make a person more susceptible to infection and illness. However, always feeling sick can also signify pregnancy or chronic illness. When sick, a person may experience stomach discomfort and vomiting.

Why is my immune system weak? ›

Also, infections like the flu virus, mono (mononucleosis), and measles can weaken the immune system for a brief time. Your immune system can also be weakened by smoking, alcohol, and poor nutrition.

How do I completely remove a virus from my phone? ›

How to remove a virus from an Android phone
  1. Clear your cache and downloads. Open Settings, go to Apps & notifications, and select Chrome. ...
  2. Restart your Android device in safe mode. ...
  3. Find and remove malicious apps. ...
  4. Activate Google Play Protect. ...
  5. Install anti-malware software.
Sep 30, 2022

How do I find hidden viruses on my iPhone? ›

How to check your iPhone for malware
  1. Look for unfamiliar apps. If you're anything like the average smartphone user, you've probably downloaded dozens (if not hundreds) of apps. ...
  2. Check your data usage. ...
  3. Check power consumption. ...
  4. Keep an eye on pop-up ads. ...
  5. Scan your phone using antivirus software.
Nov 6, 2022

Does resetting an iPhone remove viruses? ›

Does Factory Reset Remove Viruses from Your Phone? The short answer is “yes”! By returning the phone settings to factory model, the reset option automatically deletes viruses and any infected file or program on your device. It's an extreme option and works pretty much every time—except in some very rare cases.

Can Apple get rid of a virus? ›

If you're still having trouble or viruses on your iPhone, call Apple's support or set an appointment with a specialist. They have software that will do a hard scan on your device and remove malicious files that might have escaped your hard reset.

What are 3 three diseases that can be caused by a virus? ›

Viruses cause familiar infectious diseases such as the common cold, flu and warts. They also cause severe illnesses such as HIV/AIDS, Ebola, and COVID-19. Viruses are like hijackers.

What is the virus that almost everyone has? ›

Epstein Barr virus (EBV) is a herpesvirus in which over 90% of the population worldwide has been infected.

Article information

Author: Rob Wisoky
