WiredWX Hobby Weather Tools

 


Solved: OTL Log Part 2a

Greetings! On 6/5/10, my computer became infected with the Malware Defender program. I successfully removed it using Malwarebytes. I also installed PCTools Spyware Doctor, which found and removed some stuff, but I am still having trouble with pop-up windows and page redirects in IE and Firefox. It is impossible to browse or search the web. I also cannot update Windows Defender or the Operating System using Windows Update Service, since whatever is causing the problems seems to also block the updates from being installed. The computer is running much slower than normal. Also, I now receive a warning "host processes has stopped working". Not sure if it's related.

The OTL and Extras logfiles cannot be posted at this time, due to length I assume. Thanks for any help.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

6/5/2010 4:44:58 AM
mbam-log-2010-06-05 (04-44-58).txt

Scan type: Quick scan
Objects scanned: 146210
Time elapsed: 21 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:WindowsSystem32net.net (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:WindowsSystem32czurmyow.dll (Adware.EZlife) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOTcscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{db7bda21-c7ea-466d-bd42-501d8d420b0b} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{db7bda21-c7ea-466d-bd42-501d8d420b0b} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{db7bda21-c7ea-466d-bd42-501d8d420b0b} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{db7bda21-c7ea-466d-bd42-501d8d420b0b} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTcscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppID{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppID{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTadgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTadgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTadshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTadshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSoftwareAntimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstallAntimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunkequzooyjpnfivqnq (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:WindowsSystem32net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:WindowsSystem32czurmyow.dll (Adware.EZlife) -> Delete on reboot.
C:UsersctfrenchAppDataLocalTemp2288.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:UsersctfrenchAppDataLocalTempsomxrcwaen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:WindowsTemp3A2.tmp (Rootkit.Dropper) -> Delete on reboot.
C:UsersGuestDesktopAntimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:UsersGuestAppDataRoamingMicrosoftInternet ExplorerQuick LaunchAntimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:WindowsSystem32vkofkrifeytkdz.dll (Trojan.Agent) -> Delete on reboot.

Last edited by ultraspinacle on 9th June 2010, 7:03 am; edited 1 time in total

Solved: OTL Log thread of my scan

This is an extremely long OTL log. Sorry - will take a few tries. IT WILL NOT PASTE ANY REGISTRY KEYS CONTAINING THE WORDS WINDOWS UPDATE AS 1 WORD. These instances are highlighted in bold. Wow, someone please tell me what this means!?


OTL logfile created on: 6/6/2010 9:56:24 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:UsersctfrenchDownloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
Drive C: | 139.41 Gb Total Space | 68.95 Gb Free Space | 49.46% Space Free | Partition Type: NTFS
Drive D: | 9.64 Gb Total Space | 3.37 Gb Free Space | 34.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CTFRENCH-PC
Current User Name: ctfrench
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 21:55:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:UsersctfrenchDownloadsOTL.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorpctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorpctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorpctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorTFEngineTFService.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:Program FilesSpyware DoctorBDTBDTUpdateService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:Windowsexplorer.exe
PRC - [2009/04/10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32audiodg.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
PRC - [2008/12/01 17:37:32 | 000,331,776 | ---- | M] (EMC) -- C:Program FilesRetrospectRetrospect Clientretroclient.exe
PRC - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) -- C:Program FilesRetrospectRetrospect ClientRemotSvc.exe
PRC - [2008/02/10 22:12:30 | 000,032,768 | ---- | M] (Logitech) -- C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:Program FilesWindows DefenderMSASCui.exe
PRC - [2008/01/18 23:33:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32iashost.exe
PRC - [2007/11/15 11:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:Program FilesLogitechSetPointSetPoint.exe
PRC - [2007/11/15 11:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.exe
PRC - [2007/10/05 11:10:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
PRC - [2007/08/16 12:03:58 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:Program FilesNovellClientXTierServicesxtsvcmgr.exe
PRC - [2007/08/16 12:03:12 | 000,027,920 | ---- | M] () -- C:WindowsSystem32nwtray.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:Program FilesAdobeAcrobat 8.0Acrobatacrotray.exe
PRC - [2007/04/11 11:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:Program FilesWinZipWZQKPICK.EXE
PRC - [2007/02/13 11:29:00 | 000,035,328 | ---- | M] () -- C:Program FilesWinampwinampa.exe
PRC - [2007/01/14 03:25:16 | 000,520,192 | ---- | M] () -- C:WindowsSamsungPanelMgrSSMMgr.exe
PRC - [2006/10/09 21:43:44 | 000,729,088 | ---- | M] (Motorola Inc.) -- C:Program FilesMotorolaSMSERIALsm56hlpr.exe
PRC - [2006/09/29 13:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 21:55:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:UsersctfrenchDownloadsOTL.exe
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorTFEngineTFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:Program FilesSpyware DoctorPCTGMhk.dll
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:Windowswinsxsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0comctl32.dll
MOD - [2009/03/29 21:42:18 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:Windowswinsxsx86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4msvcr80.dll
MOD - [2009/03/29 21:42:18 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:Windowswinsxsx86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4msvcp80.dll
MOD - [2008/02/10 22:12:30 | 000,024,613 | ---- | M] (BackWeb) -- C:UsersctfrenchAppDataLocalTempIadHide5.dll
MOD - [2008/01/18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32msscript.ocx
MOD - [2007/11/15 11:10:38 | 000,062,480 | ---- | M] (Logitech, Inc.) -- C:Program FilesLogitechSetPointlgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:Program FilesSpyware DoctorpctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:Program FilesSpyware DoctorpctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:Program FilesSpyware DoctorTFEngineTFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:Program FilesSpyware DoctorBDTBDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/17 19:35:19 | 000,151,552 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:Program FilesRetrospectRetrospect Clientrthlpsvc.exe -- (Retrospect Helper)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) [Auto | Running] -- C:Program FilesRetrospectRetrospect ClientRemotSvc.exe -- (Retrospect Client)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)
SRV - [2007/11/15 11:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe -- (LBTServ)
SRV - [2007/10/05 11:10:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/16 12:03:58 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:Program FilesNovellClientXTierServicesxtsvcmgr.exe -- (XTSvcMgr)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:WindowsSystem32driverspctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:Windowssystem32driversPCTCore.sys -- (PCTCore)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:WindowsSystem32driverspctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:Windowssystem32driversTfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:Windowssystem32driversTfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversTfNetMon.sys -- (TfNetMon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversNETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversyk60x86.sys -- (yukonwlh)
DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversNETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversLUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversLMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversLHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/16 12:02:38 | 000,026,640 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:Program FilesNovellClientXTierDriversnicm.sys -- (NICM)
DRV - [2007/08/16 12:01:22 | 000,041,488 | ---- | M] () [Kernel | Auto | Running] -- C:Program FilesNovellClientXTierDriversncioctl.sys -- (NCIOCTL)
DRV - [2007/08/16 12:01:14 | 000,080,400 | ---- | M] () [File_System | Auto | Running] -- C:Program FilesNovellClientXTierDriversncfsd.sys -- (NCFSD)
DRV - [2007/01/04 21:28:02 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:WindowsSystem32driversSSPORT.SYS -- (SSPORT)
DRV - [2007/01/04 21:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:WindowsSystem32driversDGIVECP.SYS -- (DgiVecp)
DRV - [2006/12/19 17:35:34 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversSynTP.sys -- (SynTP)
DRV - [2006/12/12 14:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversigdkmd32.sys -- (igfx)
DRV - [2006/12/12 14:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversigdkmd32.sys -- (ialm)
DRV - [2006/11/07 19:14:08 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversstwrt.sys -- (STHDA)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversadp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverselxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversadpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversuliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversiastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversadpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversvsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversadpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversnvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversnfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversiirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverssisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversnvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversdjsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversarcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverslsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverssisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:Windowssystem32drivershpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversarc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversiteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversiteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverslsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverssymc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverslsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverssym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversmraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverssym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversmegasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversviaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driverscmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversaliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversbrserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:Windowssystem32driversbrusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:Windowssystem32driversbrfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:Windowssystem32driversbrfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversbrserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversbrusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:Windowssystem32driversntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel®️ Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversNETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel®️ Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversNETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversE1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversbcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/09 21:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driverssmserial.sys -- (smserial)
DRV - [2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:Windowssystem32DRIVERSiaStor.sys -- (iaStor)
DRV - [2006/07/05 22:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:WindowsSystem32driverstifm21.sys -- (tifm21)
DRV - [2006/05/25 01:53:06 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:WindowsSystem32driversLBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 10:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversLHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 10:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversLMOUKE.sys -- (LMouKE)
DRV - [2006/05/10 10:56:08 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversL8042Kbd.sys -- (L8042Kbd)
DRV - [2004/04/13 11:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversPalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6821

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://news.google.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.ucla.edu/cgi/proxy"
FF - prefs.js..network.proxy.type: 2

FF - HKLMsoftwaremozillaMozilla Firefox 3.5.3extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2009/09/18 20:17:55 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaMozilla Firefox 3.5.3extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2010/06/06 21:53:47 | 000,000,000 | ---D | M]

[2008/08/26 14:29:56 | 000,000,000 | ---D | M] -- C:UsersctfrenchAppDataRoamingMozillaExtensions
[2010/06/06 21:28:22 | 000,000,000 | ---D | M] -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultextensions
[2010/06/05 17:17:29 | 000,000,000 | ---D | M] (IE Tab) -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultextensions{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/23 13:58:32 | 000,001,712 | ---- | M] () -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultsearchpluginsaskcom.xml
[2008/05/27 09:09:00 | 000,001,340 | ---- | M] () -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultsearchpluginsbbc-news.xml
[2008/06/23 13:58:32 | 000,000,681 | ---- | M] () -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultsearchpluginswebster.xml
[2008/06/23 13:58:32 | 000,001,108 | ---- | M] () -- C:UsersctfrenchAppDataRoamingMozillaFirefoxProfilesanlebn2n.defaultsearchpluginswikipedia-en.xml
[2010/06/06 21:53:52 | 000,000,000 | ---D | M] -- C:Program FilesMozilla Firefoxextensions
[2010/06/06 21:53:52 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/06 21:53:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:Program FilesMozilla FirefoxpluginsnpdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:WindowsSystem32driversetchosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKLM..Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKLM..Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM..Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU..ToolbarWebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKCU..ToolbarWebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..Run: [Acrobat Assistant 8.0] C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe (Adobe Systems Inc.)
O4 - HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)
O4 - HKLM..Run: [ISTray] C:Program FilesSpyware DoctorpctsTray.exe (PC Tools)
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..Run: [NWTRAY] C:WindowsSystem32nwtray.exe ()
O4 - HKLM..Run: [Samsung PanelMgr] C:WindowsSamsungPanelMgrSSMMgr.exe ()
O4 - HKLM..Run: [SMSERIAL] C:Program FilesMotorolaSMSERIALsm56hlpr.exe (Motorola Inc.)
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe ()
O4 - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe (Logitech)
O4 - Startup: C:UsersctfrenchAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAdobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:UsersctfrenchAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:UsersctfrenchAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupWindows Calendar.lnk = C:Program FilesWindows CalendarWinCal.exe (Microsoft Corporation)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0
O8 - Extra context menu item: Append to existing PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:Program FilesMicrosoft OfficeOffice12EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:Program FilesMicrosoft OfficeOffice12REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:Program FilesCommon FilesPC ToolsLspPCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:Program FilesCommon FilesPC ToolsLspPCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:Program FilesCommon FilesPC ToolsLspPCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9Catalog_Entries000000000028 - C:Program FilesCommon FilesPC ToolsLspPCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - ProtocolHandlerbw+0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw+0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw-0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw00 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw00s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw-0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw10 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw10s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw20 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw20s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw30 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw30s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw40 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw40s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw50 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw50s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw60 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw60s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw70 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw70s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw80 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw80s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw90 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbw90s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwa0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwa0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwb0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwb0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwc0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwc0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwd0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwd0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwe0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwe0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwf0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwf0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwg0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwg0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwh0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwh0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwi0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwi0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwj0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwj0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwk0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwk0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwl0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwl0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwm0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwm0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwn0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwn0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwo0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwo0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwp0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwp0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwq0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwq0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwr0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwr0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbws0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbws0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwt0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwt0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwu0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwu0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwv0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwv0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbww0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbww0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwx0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwx0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwy0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwy0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwz0 {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerbwz0s {66f97010-acca-497a-82d1-c724903ae4a3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlergrooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
O18 - ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon Filesmicrosoft sharedHelphxds.dll (Microsoft Corporation)
O18 - ProtocolHandlerncbi8 {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:Program FilesInvitrogenVector NTI Advance 11Ncbi.dll (Informax Inc.)
O18 - ProtocolHandleroffline-8876480 {66F97010-ACCA-497A-82D1-C724903AE4A3} - C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:Program FilesWindows LiveMailmailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20 - WinlogonNotifyigfxcui: DllName - igfxdev.dll - C:WindowsSystem32igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ncv1_0) - C:WindowsSystem32ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:autorun.inf -- [ NTFS ]
O33 - MountPoints2{7b6f79d2-2b6f-11de-b12e-00e0b8c2bdc3}Shell - "" = AutoRun
O33 - MountPoints2{7b6f79d2-2b6f-11de-b12e-00e0b8c2bdc3}ShellAutoRuncommand - "" = H:LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:WindowsSystem32ias [2009/09/15 03:43:33 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:WindowsSystem32wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0
MsConfig - State: "bootini" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%Windows MailWinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {842BADB7-52ED-3A83-143B-44BC7D8BB184} - Microsoft Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:Windowssystem32ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{03F5D01C-F7DB-4F1A-9389-BF06ECDE5D44} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:Windowssystem32unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:Windowssystem32ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.clmp3enc - C:Program FilesCyberLinkPower2GoCLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:WindowsSystem32iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 21:54:13 | 000,000,000 | ---D | C] -- C:ProgramDataSun
[2010/06/06 21:53:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSystem32deployJava1.dll
[2010/06/06 21:53:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSystem32javaws.exe
[2010/06/06 21:53:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSystem32javaw.exe
[2010/06/06 21:53:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSystem32java.exe
[2010/06/06 16:20:56 | 000,059,664 | --S- | C] (PC Tools) -- C:WindowsSystem32driversTfSysMon.sys
[2010/06/06 16:20:56 | 000,051,984 | --S- | C] (PC Tools) -- C:WindowsSystem32driversTfFsMon.sys
[2010/06/06 16:20:56 | 000,033,552 | --S- | C] (PC Tools) -- C:WindowsSystem32driversTfNetMon.sys
[2010/06/06 16:06:13 | 000,149,456 | ---- | C] (PC Tools) -- C:WindowsSGDetectionTool.dll
[2010/06/06 16:06:12 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:WindowsPCTBDCore.dll
[2010/06/06 16:06:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:WindowsPCTBDRes.dll
[2010/06/06 16:03:55 | 000,233,136 | ---- | C] (PC Tools) -- C:WindowsSystem32driverspctgntdi.sys
[2010/06/06 16:03:55 | 000,100,136 | ---- | C] (PC Tools) -- C:WindowsSystem32driverspctwfpfilter.sys
[2010/06/06 16:03:50 | 000,218,592 | ---- | C] (PC Tools) -- C:WindowsSystem32driversPCTCore.sys
[2010/06/06 16:03:50 | 000,088,040 | ---- | C] (PC Tools) -- C:WindowsSystem32driversPCTAppEvent.sys
[2010/06/06 16:03:39 | 000,063,360 | ---- | C] (PC Tools) -- C:WindowsSystem32driverspctplsg.sys
[2010/06/06 16:03:33 | 000,000,000 | ---D | C] -- C:Program FilesSpyware Doctor
[2010/06/06 16:03:33 | 000,000,000 | ---D | C] -- C:UsersctfrenchAppDataRoamingPC Tools
[2010/06/06 16:03:33 | 000,000,000 | ---D | C] -- C:ProgramDataPC Tools
[2010/06/06 16:03:33 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesPC Tools
[2010/06/06 16:02:51 | 036,599,360 | ---- | C] (PC Tools ) -- C:UsersctfrenchDesktopsdasetup.exe
[2010/06/05 20:30:31 | 000,000,000 | ---D | C] -- C:WindowsSystem32DRVSTORE
[2010/06/05 20:30:23 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:WindowsSystem32driversSBREDrv.sys
[2010/06/05 20:22:40 | 000,000,000 | ---D | C] -- C:ProgramDataLavasoft
[2010/06/05 20:22:40 | 000,000,000 | ---D | C] -- C:Program FilesLavasoft
[2010/06/05 17:49:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbamswissarmy.sys
[2010/06/05 17:49:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbam.sys
[2010/06/05 04:20:49 | 000,000,000 | ---D | C] -- C:UsersctfrenchAppDataRoamingMalwarebytes
[2010/06/05 04:20:34 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes
[2010/06/05 04:20:33 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware
[2010/06/05 03:19:10 | 000,000,000 | ---D | C] -- C:UsersctfrenchAppDataLocalThreat Expert
[2010/06/05 03:10:39 | 000,000,000 | ---D | C] -- C:ProgramDataTEMP
[2010/06/02 23:05:34 | 000,000,000 | ---D | C] -- C:UsersctfrenchAppDataRoamingmIRC
[2010/06/02 23:05:34 | 000,000,000 | ---D | C] -- C:Program FilesmIRC
[2010/05/18 17:25:36 | 000,000,000 | ---D | C] -- C:UsersctfrenchDocumentsOutlines of manuscripts
[1 C:WindowsSystem32*.tmp files -> C:WindowsSystem32*.tmp -> ]
[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

OTL run 1 part 2. This is an extremely long OTL log. Sorry - will take a few tries. IT WILL NOT PASTE ANY REGISTRY KEYS CONTAINING THE WORDS WINDOWS UPDATE AS 1 WORD. These instances are highlighted in bold below in part 4. Wow, someone please tell me what this means!?

========== Files Created - No Company Name ==========

[2010/06/06 16:18:36 | 000,024,918 | ---- | C] () -- C:UsersctfrenchDesktopPCTools AntiVirus.pdf
[2010/06/06 16:06:13 | 000,767,952 | ---- | C] () -- C:WindowsBDTSupport.dll
[2010/06/06 16:06:13 | 000,000,882 | ---- | C] () -- C:WindowsRegSDImport.xml
[2010/06/06 16:06:13 | 000,000,879 | ---- | C] () -- C:WindowsRegISSImport.xml
[2010/06/06 16:06:13 | 000,000,131 | ---- | C] () -- C:WindowsIDB.zip
[2010/06/06 16:06:12 | 001,152,444 | ---- | C] () -- C:WindowsUDB.zip
[2010/06/06 16:03:55 | 000,007,387 | ---- | C] () -- C:WindowsSystem32driverspctgntdi.cat
[2010/06/06 16:03:50 | 000,007,412 | ---- | C] () -- C:WindowsSystem32driversPCTAppEvent.cat
[2010/06/06 16:03:50 | 000,007,383 | ---- | C] () -- C:WindowsSystem32driverspctcore.cat
[2010/06/06 16:03:42 | 000,001,759 | ---- | C] () -- C:UsersPublicDesktopSpyware Doctor.lnk
[2010/06/06 16:03:39 | 000,007,383 | ---- | C] () -- C:WindowsSystem32driverspctplsg.cat
[2010/06/05 21:06:33 | 000,000,370 | ---- | C] () -- C:WindowstasksAd-Aware Update (Weekly).job
[2010/06/05 17:49:26 | 000,000,818 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk
[2010/06/04 13:30:06 | 000,032,768 | ---- | C] () -- C:UsersctfrenchDesktopProgram Evaluation Form 2010.doc
[2010/06/04 13:26:11 | 000,027,136 | ---- | C] () -- C:UsersctfrenchDocumentsFRENCH Missed Seminar2 6.4.10.doc
[2010/06/04 13:14:28 | 000,027,648 | ---- | C] () -- C:UsersctfrenchDocumentsFRENCH Seminar writeup1 6.4.10.doc
[2010/06/04 01:09:09 | 000,015,352 | ---- | C] () -- C:UsersctfrenchDesktopProgram Evaluation Form.docx
[2010/06/03 00:57:21 | 000,034,304 | ---- | C] () -- C:UsersctfrenchDocumentsbad bad to chad.doc
[2010/06/02 23:05:34 | 000,000,748 | ---- | C] () -- C:UsersPublicDesktopmIRC.lnk
[2010/06/02 21:54:01 | 000,030,208 | ---- | C] () -- C:UsersctfrenchDocumentsbad bad.doc
[2010/05/21 12:38:05 | 001,076,012 | ---- | C] () -- C:UsersctfrenchDocumentsdual control of caveolar membrane traffic by microtubules and actin JCELLSCI 02.pdf
[2010/05/21 12:11:58 | 000,063,518 | ---- | C] () -- C:UsersctfrenchDocumentsFrench MHQ 2010.pdf
[2010/05/18 23:44:29 | 000,135,317 | ---- | C] () -- C:UsersctfrenchDocumentssigma plant culture medium murashige skoog hoagland.pdf
[2010/05/18 19:29:31 | 000,000,497 | ---- | C] () -- C:UsersctfrenchDocumentsRT PCR 5.18.10 High Stringency.pcr
[2010/05/18 18:35:22 | 000,000,487 | ---- | C] () -- C:UsersctfrenchDocumentsRT PCR 5.18.10 Med Stringency.pcr
[2010/05/18 18:10:53 | 000,000,497 | ---- | C] () -- C:UsersctfrenchDocumentsRT PCR 5.18.10.pcr
[2010/05/18 18:04:34 | 000,000,488 | ---- | C] () -- C:UsersctfrenchDocumentsStandard.pcr
[2010/05/18 15:35:27 | 000,024,064 | ---- | C] () -- C:UsersctfrenchDesktopFrench Request Funds.doc
[2010/05/18 00:43:15 | 000,040,960 | ---- | C] () -- C:UsersctfrenchDocumentsBepD C-His clones.xls
[2010/05/17 13:43:46 | 000,464,807 | ---- | C] () -- C:UsersctfrenchDesktopFrench TERMINATION.pdf
[2010/05/17 13:39:59 | 000,004,236 | ---- | C] () -- C:UsersctfrenchDocumentsSignature.gif
[2010/05/17 13:39:35 | 000,053,984 | ---- | C] () -- C:UsersctfrenchDocumentsSignature.tif
[2010/05/17 13:11:47 | 000,029,696 | ---- | C] () -- C:UsersctfrenchDesktopAnnual Report Form.doc
[2010/05/17 13:10:53 | 000,496,850 | ---- | C] () -- C:UsersctfrenchDesktopFrench.pdf
[2010/05/13 01:48:25 | 000,002,073 | ---- | C] () -- C:UsersPublicDesktopGoogle Earth.lnk
[2010/05/12 23:59:06 | 000,257,603 | ---- | C] () -- C:UsersctfrenchDocumentsPassportApplicationComplete.pdf
[2010/05/12 23:21:28 | 000,075,264 | ---- | C] () -- C:UsersctfrenchDesktopW.Wong.CV.2010 (1).doc
[2010/05/12 20:11:55 | 000,158,582 | ---- | C] () -- C:UsersctfrenchDocumentsWendy Wong Recommendation.doc
[2010/05/12 00:49:25 | 000,075,264 | ---- | C] () -- C:UsersctfrenchDesktopW.Wong.CV.2010.doc
[2010/01/28 19:15:41 | 000,053,248 | ---- | C] () -- C:WindowsSystem32oemdspif.dll
[2009/12/14 14:53:41 | 000,000,108 | ---- | C] () -- C:WindowsVSWizard.ini
[2009/09/15 14:01:03 | 000,117,248 | ---- | C] () -- C:WindowsSystem32EhStorAuthn.dll
[2009/02/17 23:45:49 | 000,000,685 | ---- | C] () -- C:Windowswinmdi.ini
[2009/01/15 14:26:05 | 000,000,000 | ---- | C] () -- C:WindowsSxmW32.INI
[2008/12/20 20:49:18 | 000,022,723 | ---- | C] () -- C:WindowsSystem32sugo3l3.dll
[2008/12/15 16:48:08 | 000,000,029 | ---- | C] () -- C:WindowsVnti40.ini
[2008/12/01 17:34:20 | 000,065,536 | ---- | C] () -- C:WindowsSystem32shlwimp.dll
[2008/08/08 11:12:48 | 000,001,025 | ---- | C] () -- C:WindowsSystem32n85xp87.dll
[2008/08/08 11:12:48 | 000,001,025 | ---- | C] () -- C:WindowsSystem32grcauth2.dll
[2008/08/08 11:12:48 | 000,001,025 | ---- | C] () -- C:WindowsSystem32grcauth1.dll
[2008/08/08 11:12:48 | 000,000,341 | ---- | C] () -- C:WindowsSystem32f8puw1d.dll
[2008/08/08 11:12:48 | 000,000,100 | ---- | C] () -- C:WindowsSystem32prsgrc.dll
[2008/08/08 11:12:47 | 000,001,025 | ---- | C] () -- C:WindowsSystem32clauth2.dll
[2008/08/08 11:12:47 | 000,001,025 | ---- | C] () -- C:WindowsSystem32clauth1.dll
[2008/08/08 11:12:47 | 000,000,072 | ---- | C] () -- C:WindowsSystem32ssprs.dll
[2008/08/08 11:12:47 | 000,000,016 | -H-- | C] () -- C:WindowsSystem32gtgam4a.dll
[2008/06/18 14:51:06 | 000,147,456 | ---- | C] () -- C:WindowsSystem32igfxCoIn_v1504.dll
[2008/01/04 05:22:16 | 000,245,760 | R--- | C] () -- C:WindowsSystem32setupsup.dll
[2007/08/20 13:42:49 | 000,000,065 | ---- | C] () -- C:WindowsCtlSwtch.ini
[2007/08/16 12:03:10 | 000,234,768 | ---- | C] () -- C:WindowsSystem32nwshlxnt.dll
[2007/08/16 12:02:52 | 000,279,824 | ---- | C] () -- C:WindowsSystem32noveap.dll
[2007/08/16 12:02:10 | 000,024,336 | ---- | C] () -- C:WindowsSystem32ncv1_0.dll
[2007/08/16 12:01:40 | 000,902,416 | ---- | C] () -- C:WindowsSystem32ncnetprovider.dll
[2007/08/16 12:01:36 | 000,492,816 | ---- | C] () -- C:WindowsSystem32ncloginui.dll
[2007/08/16 12:01:32 | 000,111,888 | ---- | C] () -- C:WindowsSystem32nclangid.dll
[2007/08/16 12:01:10 | 000,181,520 | ---- | C] () -- C:WindowsSystem32nccredprovider.dll
[2007/08/16 12:01:02 | 000,013,072 | ---- | C] () -- C:WindowsSystem32nccredlogonext.dll
[2007/08/16 12:00:56 | 000,165,136 | ---- | C] () -- C:WindowsSystem32mapbase.dll
[2007/08/16 12:00:36 | 000,189,712 | ---- | C] () -- C:WindowsSystem32lgnwnt32.dll
[2007/08/09 13:17:59 | 000,032,768 | ---- | C] () -- C:Windowsunvise32.dll
[2007/05/23 12:37:19 | 000,210,944 | ---- | C] () -- C:WindowsSystem32Msvcrt10.dll
[2007/04/11 03:55:10 | 000,000,376 | ---- | C] () -- C:WindowsODBC.INI
[2007/01/02 05:44:45 | 001,060,424 | ---- | C] () -- C:WindowsSystem32WdfCoInstaller01000.dll
[2007/01/02 05:39:25 | 000,204,800 | ---- | C] () -- C:WindowsSystem32igfxCoIn_v1147.dll
[2007/01/02 05:39:22 | 000,077,824 | ---- | C] () -- C:WindowsSystem32hccutils.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:WindowsSystem32sysprepMCE.dll
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:WindowsSystem32igfxTMM.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:WindowsSystem32pacerprf.ini
[1996/03/21 23:32:26 | 000,162,304 | ---- | C] () -- C:WindowsSystem32DLWBC31.DLL

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >
[2009/04/10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:WindowsSystem32rsaenh.dll
[2009/04/10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:WindowsSystem32SLC.dll
[2009/03/08 04:33:04 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:WindowsSystem32vbscript.dll
[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

< %systemroot%system32*.exe /lockedfiles >
[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:WindowsSystem32configCOMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:WindowsSystem32configDEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:WindowsSystem32configSECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:WindowsSystem32configSOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:WindowsSystem32configSYSTEM.SAV

< %systemroot%system32*.sys >
[2006/11/02 00:09:42 | 000,009,029 | ---- | M] () -- C:WindowsSystem32ANSI.SYS
[2009/04/10 23:32:48 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32clfs.sys
[2006/11/02 00:09:45 | 000,027,097 | ---- | M] () -- C:WindowsSystem32country.sys
[2006/11/02 00:09:41 | 000,004,768 | ---- | M] () -- C:WindowsSystem32HIMEM.SYS
[2006/11/02 00:09:44 | 000,042,809 | ---- | M] () -- C:WindowsSystem32KEY01.SYS
[2006/11/02 00:09:44 | 000,042,537 | ---- | M] () -- C:WindowsSystem32KEYBOARD.SYS
[2006/11/02 00:09:29 | 000,027,866 | ---- | M] () -- C:WindowsSystem32NTDOS.SYS
[2006/11/02 00:09:35 | 000,029,146 | ---- | M] () -- C:WindowsSystem32NTDOS404.SYS
[2006/11/02 00:09:38 | 000,029,370 | ---- | M] () -- C:WindowsSystem32NTDOS411.SYS
[2006/11/02 00:09:40 | 000,029,274 | ---- | M] () -- C:WindowsSystem32NTDOS412.SYS
[2006/11/02 00:09:31 | 000,029,146 | ---- | M] () -- C:WindowsSystem32NTDOS804.SYS
[2006/11/02 00:09:20 | 000,033,952 | ---- | M] () -- C:WindowsSystem32NTIO.SYS
[2006/11/02 00:09:23 | 000,034,672 | ---- | M] () -- C:WindowsSystem32NTIO404.SYS
[2006/11/02 00:09:24 | 000,035,776 | ---- | M] () -- C:WindowsSystem32NTIO411.SYS
[2006/11/02 00:09:26 | 000,035,536 | ---- | M] () -- C:WindowsSystem32NTIO412.SYS
[2006/11/02 00:09:22 | 000,034,672 | ---- | M] () -- C:WindowsSystem32NTIO804.SYS
[2009/08/14 06:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32win32k.sys
[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2010/06/05 21:05:06 | 000,000,444 | ---- | M] () -- C:aaw7boot.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:bootmgr
[2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:config.sys
[2007/05/29 15:08:14 | 000,000,000 | RHS- | M] () -- C:IO.SYS
[2007/05/29 15:08:14 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS
[2010/06/06 21:40:34 | 2450,989,056 | -HS- | M] () -- C:pagefile.sys
[2007/01/02 05:14:30 | 000,000,163 | ---- | M] () -- C:power2go.log
[2009/07/15 00:14:24 | 000,000,283 | ---- | M] () -- C:Recovery (D) - Shortcut.lnk
[2007/09/25 20:50:04 | 000,000,146 | ---- | M] () -- C:YServer.txt

< %PROGRAMFILES%*. >
[2007/10/05 11:04:36 | 000,000,000 | ---D | M] -- C:Program FilesAdobe
[2009/06/06 02:45:37 | 000,000,000 | ---D | M] -- C:Program FilesApple Software Update
[2007/11/17 08:31:18 | 000,000,000 | ---D | M] -- C:Program FilesCanon
[2010/06/06 16:03:33 | 000,000,000 | ---D | M] -- C:Program FilesCommon Files
[2007/01/02 05:14:22 | 000,000,000 | ---D | M] -- C:Program FilesCyberLink
[2009/05/06 23:17:57 | 000,000,000 | ---D | M] -- C:Program FilesEndNote X1
[2008/04/20 16:21:14 | 000,000,000 | ---D | M] -- C:Program Filesepson
[2009/09/15 16:07:07 | 000,000,000 | ---D | M] -- C:Program FilesGateway Games
[2010/05/13 01:48:06 | 000,000,000 | ---D | M] -- C:Program FilesGoogle
[2010/03/24 03:30:38 | 000,000,000 | ---D | M] -- C:Program FilesInformax Installations
[2009/12/17 01:52:12 | 000,000,000 | -H-D | M] -- C:Program FilesInstallShield Installation Information
[2007/01/02 05:02:58 | 000,000,000 | ---D | M] -- C:Program FilesIntel
[2010/03/26 23:30:56 | 000,000,000 | ---D | M] -- C:Program FilesInternet Explorer
[2010/03/24 03:30:58 | 000,000,000 | ---D | M] -- C:Program FilesInvitrogen
[2009/08/01 20:18:06 | 000,000,000 | ---D | M] -- C:Program FilesIpswitch
[2010/06/06 21:53:23 | 000,000,000 | ---D | M] -- C:Program FilesJava
[2010/06/05 21:20:19 | 000,000,000 | ---D | M] -- C:Program FilesLavasoft
[2007/08/20 13:40:19 | 000,000,000 | ---D | M] -- C:Program FilesLCS Lite
[2007/08/20 13:42:45 | 000,000,000 | ---D | M] -- C:Program FilesLeica
[2008/02/10 22:12:17 | 000,000,000 | ---D | M] -- C:Program FilesLogitech
[2010/06/05 17:49:26 | 000,000,000 | ---D | M] -- C:Program FilesMalwarebytes' Anti-Malware
[2009/04/01 00:03:21 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft
[2007/04/11 03:53:24 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft ActiveSync
[2007/01/02 05:15:42 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Digital Image 2006
[2009/08/01 19:43:49 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft FrontPage
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Games
[2009/08/01 19:51:50 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Image Composer
[2007/01/02 05:17:35 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Money 2006
[2009/08/01 19:43:11 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Office
[2010/06/06 00:23:11 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Silverlight
[2009/04/01 00:01:35 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft SQL Server Compact Edition
[2009/04/01 00:02:26 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Sync Framework
[2007/11/29 08:32:42 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Visual Studio
[2007/11/29 08:29:57 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Visual Studio 8
[2010/06/05 13:29:27 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft Works
[2007/01/02 05:12:35 | 000,000,000 | ---D | M] -- C:Program FilesMicrosoft.NET
[2010/06/04 23:57:25 | 000,000,000 | ---D | M] -- C:Program FilesmIRC
[2007/01/02 05:07:39 | 000,000,000 | ---D | M] -- C:Program FilesMotorola
[2010/03/26 23:30:55 | 000,000,000 | ---D | M] -- C:Program FilesMovie Maker
[2010/06/06 21:44:44 | 000,000,000 | ---D | M] -- C:Program FilesMozilla Firefox
[2007/11/29 08:33:30 | 000,000,000 | ---D | M] -- C:Program FilesMSBuild
[2007/01/02 05:09:05 | 000,000,000 | ---D | M] -- C:Program FilesMSN Encarta Plus
[2007/04/10 21:22:44 | 000,000,000 | ---D | M] -- C:Program FilesMSXML 4.0
[2008/05/12 15:19:48 | 000,000,000 | ---D | M] -- C:Program FilesNovell
[2010/06/06 15:53:53 | 000,000,000 | ---D | M] -- C:Program FilespalmOne
[2009/06/06 02:47:06 | 000,000,000 | ---D | M] -- C:Program FilesQuickTime
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:Program FilesReference Assemblies
[2010/04/27 14:51:06 | 000,000,000 | ---D | M] -- C:Program FilesRetrospect
[2008/12/20 20:42:44 | 000,000,000 | ---D | M] -- C:Program FilesSamsung
[2006/06/11 17:01:18 | 000,000,000 | ---D | M] -- C:Program FilesSIFXINST
[2008/08/08 11:13:18 | 000,000,000 | ---D | M] -- C:Program FilesSigmaPlot
[2007/01/02 05:06:14 | 000,000,000 | ---D | M] -- C:Program FilesSigmaTel
[2009/02/21 21:49:12 | 000,000,000 | ---D | M] -- C:Program FilesSkyscape
[2010/06/06 22:05:34 | 000,000,000 | ---D | M] -- C:Program FilesSpyware Doctor
[2007/01/02 05:00:18 | 000,000,000 | ---D | M] -- C:Program FilesSynaptics
[2009/12/15 02:12:21 | 000,000,000 | ---D | M] -- C:Program FilesSystemRequirementsLab
[2007/07/15 04:41:42 | 000,000,000 | ---D | M] -- C:Program FilesUCLA STC
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:Program FilesUninstall Information
[2008/12/15 16:52:41 | 000,000,000 | ---D | M] -- C:Program FilesVector NTI 10 Distributive
[2010/03/24 03:06:48 | 000,000,000 | ---D | M] -- C:Program FilesVector NTI Advance
[2009/12/14 21:16:21 | 000,000,000 | ---D | M] -- C:Program FilesViewSonic
[2007/04/21 23:05:46 | 000,000,000 | ---D | M] -- C:Program FilesWinamp
[2009/09/15 14:21:56 | 000,000,000 | ---D | M] -- C:Program FilesWindows Calendar
[2009/09/15 14:21:55 | 000,000,000 | ---D | M] -- C:Program FilesWindows Defender
[2009/04/01 00:03:12 | 000,000,000 | ---D | M] -- C:Program FilesWindows Live
[2010/06/06 15:54:07 | 000,000,000 | ---D | M] -- C:Program FilesWindows Live Safety Center
[2009/04/01 00:00:37 | 000,000,000 | ---D | M] -- C:Program FilesWindows Live SkyDrive
[2010/03/26 23:30:55 | 000,000,000 | ---D | M] -- C:Program FilesWindows Mail
[2010/03/30 19:50:52 | 000,000,000 | ---D | M] -- C:Program FilesWindows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:Program FilesWindows NT
[2009/09/15 14:21:55 | 000,000,000 | ---D | M] -- C:Program FilesWindows Photo Gallery
[2009/09/15 14:21:56 | 000,000,000 | ---D | M] -- C:Program FilesWindows Sidebar
[2009/02/17 23:44:29 | 000,000,000 | ---D | M] -- C:Program FilesWinMDI2.9
[2010/03/24 11:13:19 | 000,000,000 | ---D | M] -- C:Program FilesWinRAR
[2007/04/26 16:43:53 | 000,000,000 | ---D | M] -- C:Program FilesWinZip
[2009/08/10 22:49:33 | 000,000,000 | ---D | M] -- C:Program FilesWS_FTP
[2009/08/10 22:49:59 | 000,000,000 | ---D | M] -- C:Program FilesWS_FTPLE
[2007/09/26 13:54:17 | 000,000,000 | ---D | M] -- C:Program FilesYahoo!

< %appdata%*.* >

Last edited by ultraspinacle on 7th June 2010, 11:36 am; edited 2 times in total

Solved: OTL Log Part 3

< %appdata%*.* >


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:WindowsSystem32DriverStoreFileRepositorymachine.inf_51b95d75AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:WindowsSystem32DriverStoreFileRepositorymachine.inf_f750e484AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97aAGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:WindowsSystem32driversAGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:WindowsSystem32DriverStoreFileRepositorymachine.inf_920a2c1fAGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:WindowsSystem32driversatapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_b12d8e84atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_cc18792datapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9catapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_c6c2e699atapi.sys
[2009/04/01 00:08:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_7de13c21atapi.sys
[2009/04/01 00:08:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42catapi.sys
[2009/04/01 00:08:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8batapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:WindowsSystem32cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6cngaudit.dll

< MD5 for: DISK.SYS >

Solved: OTL Log Part 3 b

< MD5 for: DISK.SYS >
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:WindowsSystem32driversdisk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:WindowsSystem32DriverStoreFileRepositorydisk.inf_5c850faddisk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:Windowswinsxsx86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:WindowsSystem32DriverStoreFileRepositorydisk.inf_90722180disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:Windowswinsxsx86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835adisk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:WindowsSystem32DriverStoreFileRepositorydisk.inf_e0b0b355disk.sys

< MD5 for: EVENTLOG.DLL >
[2003/03/31 00:52:32 | 000,032,869 | ---- | M] () MD5=753AB2F1BD1EBAD9963EF29EFDFD9182 -- C:perlsitelibautoWin32EventLogEventLog.dll

< MD5 for: IASTOR.SYS >
[2006/09/29 14:16:20 | 000,495,896 | ---- | M] (Intel Corporation) MD5=C212BE4F068A02E54EB0CF6F5B23569B -- C:Program FilesIntelIntel Matrix Storage ManagerDriver64IaStor.sys
[2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:Program FilesIntelIntel Matrix Storage ManagerDriveriaStor.sys
[2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:WindowsSystem32driversiaStor.sys
[2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:WindowsSystem32DriverStoreFileRepositoryiaahci.inf_6a23f079iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:WindowsSystem32DriverStoreFileRepositoryiastorv.inf_c9df7691iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:Windowswinsxsx86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8fiaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:WindowsSystem32driversiaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:WindowsSystem32DriverStoreFileRepositoryiastorv.inf_37cdafa4iaStorV.sys

Solved: Part 3c

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:WindowsSystem32netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:UsersctfrenchAppDataLocalTempTemp1_drivers-mb-nVIDIA-Nvidia_NF-123_2K_XP_v5.10.zipWIN2K_XPIDEWin2KNvAtaBus.sys
[2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:UsersctfrenchAppDataLocalTempTemp1_drivers-mb-nVIDIA-Nvidia_NF-123_2K_XP_v5.10.zipWIN2K_XPIDEWinXPNvAtaBus.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:WindowsSystem32driversnvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:WindowsSystem32DriverStoreFileRepositorynvraid.inf_733654ffnvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:WindowsSystem32DriverStoreFileRepositorynvraid.inf_31c3d71dnvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:Windowswinsxsx86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3escecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:WindowsSystem32scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5escecli.dll

Last edited by ultraspinacle on 7th June 2010, 11:05 am; edited 1 time in total

Solved: part 3d

< MD5 for: USBSTOR.SYS >
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:WindowsSystem32DriverStoreFileRepositoryusbstor.inf_b9f18584USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:Windowswinsxsx86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:WindowsSystem32driversUSBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:WindowsSystem32DriverStoreFileRepositoryusbstor.inf_72a6a3e5USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:Windowswinsxsx86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68fUSBSTOR.SYS
[2006/11/02 01:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:WindowsSystem32DriverStoreFileRepositoryusbstor.inf_bb2778a0USBSTOR.SYS

Last edited by ultraspinacle on 7th June 2010, 11:05 am; edited 1 time in total

Solved: part 4

< HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsCurrentVersionwindows updateauto updateResultsInstall|LastSuccessTime /rs >
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindows UpdateAuto UpdateResultsInstallLastSuccessTime: 2010-06-06 04:34:08
========== Alternate Data Streams ==========
@Alternate Data Stream - 696 bytes -> C:UsersctfrenchDocumentsWHining to Ming 3.17.09.eml:OECustomProperty
@Alternate Data Stream - 205 bytes -> C:ProgramDataTEMP:DFC5A2B2
@Alternate Data Stream - 193 bytes -> C:ProgramDataTEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:ProgramDataTEMP:A8ADE5D8
< End of report >

Last edited by ultraspinacle on 7th June 2010, 11:35 am; edited 22 times in total


Solved: Re: OTL Log Part 2a

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
