GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


RunDLL error after removing thinkpoint

4 posters

descriptionRunDLL error after removing thinkpoint EmptyRunDLL error after removing thinkpoint

more_horiz
Hi,

i've just removed think point from my computer using rkill and OTL but now whenever i start my windows the following RunDLL errors would show up. how can i fix this? Please help me


RunDLL error after removing thinkpoint Comp_p12[/url][/img]
[img]RunDLL error after removing thinkpoint Comp_p12[/img]

OTL logfile created on: 19/10/2010 7:36:55 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Amelia\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.85 Gb Total Space | 104.03 Gb Free Space | 46.89% Space Free | Partition Type: NTFS
Drive D: | 11.03 Gb Total Space | 1.33 Gb Free Space | 12.03% Space Free | Partition Type: NTFS

Computer Name: A_MAK | User Name: Amelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 19:35:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Downloads\OTL.exe
PRC - [2010/09/17 06:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/13 02:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/07/06 05:34:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/29 04:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/10 05:41:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/03 00:11:53 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/03 00:11:52 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/21 19:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/21 19:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/03/02 15:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2008/12/24 10:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/11 12:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2008/01/08 09:28:02 | 000,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/10/19 19:35:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Downloads\OTL.exe
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 03:00:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/03 00:11:52 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/21 19:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/02 15:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/24 10:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/08 00:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/11 17:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/22 02:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/21 19:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 09:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/04 00:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/11 07:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/12/30 10:31:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/23 21:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/05 08:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/09/22 15:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 85 77 12 6C 6F CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/10 05:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 01:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 18:19:38 | 000,000,000 | ---D | M]

[2010/03/06 00:59:27 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions
[2010/05/29 14:33:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/14 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions\searchrecs@veoh.com
[2010/03/06 00:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 02:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/07/06 05:34:06 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/06 05:34:06 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/06 05:34:06 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/06 05:34:06 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Ovobufuqosej] C:\Users\Amelia\AppData\Local\eqeribeci.DLL (MPC-HC Team)
O4 - HKCU..\Run: [Ppudafojocetuw] C:\Users\Amelia\AppData\Local\mptex32.DLL (trbarry@trbarry.com)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amelia\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-SG\local\search.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.244.1.1 131.244.1.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 90 Days ==========

[2010/10/19 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Roaming\Malwarebytes
[2010/10/19 19:14:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/19 19:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 19:14:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/19 19:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 18:59:03 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}
[2010/10/19 18:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/19 18:47:21 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Roaming\807D4BD0811E591DBDF0F4940C2BB302
[2010/10/07 18:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/20 16:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/09/16 03:02:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/13 04:15:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/13 04:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/11 01:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 01:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 01:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/11 01:27:47 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Local\ElevatedDiagnostics
[2010/07/29 02:05:14 | 000,000,000 | ---D | C] -- C:\Users\Amelia\Desktop\South Africa 2004
[2009/07/14 09:24:44 | 000,209,408 | ---- | C] (MPC-HC Team) -- C:\Users\Amelia\AppData\Local\eqeribeci.dll
[2009/07/14 09:24:44 | 000,077,824 | ---- | C] (trbarry@trbarry.com) -- C:\Users\Amelia\AppData\Local\mptex32.dll

========== Files - Modified Within 90 Days ==========

[2010/10/19 19:14:09 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 19:02:56 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 19:02:56 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 18:59:12 | 000,000,120 | ---- | M] () -- C:\Users\Amelia\AppData\Local\Kqenujox.dat
[2010/10/19 18:59:12 | 000,000,000 | ---- | M] () -- C:\Users\Amelia\AppData\Local\Qgoyinod.bin
[2010/10/19 18:58:50 | 000,000,315 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/10/19 18:58:45 | 000,000,317 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/19 18:55:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/19 18:55:10 | 2339,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 18:50:46 | 000,000,010 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\install
[2010/10/19 18:49:19 | 000,000,187 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\29888.bat
[2010/10/19 18:49:05 | 000,000,187 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\22993.bat
[2010/10/18 03:06:04 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/10/18 00:12:36 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/16 19:21:10 | 000,670,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/16 19:21:10 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/14 13:07:44 | 000,441,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/07 18:19:46 | 000,001,552 | ---- | M] () -- C:\Users\Amelia\Desktop\DivX Movies.lnk
[2010/10/05 13:17:18 | 000,300,498 | ---- | M] () -- C:\Users\Amelia\Desktop\bd3_012940.pdf
[2010/09/13 04:16:58 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/13 04:16:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/08 01:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/08 00:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/18 17:10:11 | 000,074,665 | ---- | M] () -- C:\Users\Amelia\Desktop\QF_Boarding_Pass_ZM9F48_19AUG.pdf
[2010/08/11 02:01:53 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/08 02:11:15 | 000,003,400 | ---- | M] () -- C:\bootsqm.dat
[2010/07/30 13:10:35 | 000,010,395 | ---- | M] () -- C:\Users\Amelia\Documents\Amelia Mak.docx
[2010/07/29 04:10:27 | 236,498,139 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2010/10/19 19:14:09 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 18:59:12 | 000,000,120 | ---- | C] () -- C:\Users\Amelia\AppData\Local\Kqenujox.dat
[2010/10/19 18:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\Qgoyinod.bin
[2010/10/19 18:50:46 | 000,000,010 | ---- | C] () -- C:\Users\Amelia\AppData\Roaming\install
[2010/10/19 18:49:19 | 000,000,187 | ---- | C] () -- C:\Users\Amelia\AppData\Roaming\29888.bat
[2010/10/19 18:49:05 | 000,000,187 | ---- | C] () -- C:\Users\Amelia\AppData\Roaming\22993.bat
[2010/10/05 13:17:18 | 000,300,498 | ---- | C] () -- C:\Users\Amelia\Desktop\bd3_012940.pdf
[2010/09/13 04:16:58 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/18 17:10:11 | 000,074,665 | ---- | C] () -- C:\Users\Amelia\Desktop\QF_Boarding_Pass_ZM9F48_19AUG.pdf
[2010/08/11 01:48:53 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/08 02:11:15 | 000,003,400 | ---- | C] () -- C:\bootsqm.dat
[2010/07/30 13:10:18 | 000,010,395 | ---- | C] () -- C:\Users\Amelia\Documents\Amelia Mak.docx
[2010/03/06 01:38:58 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\QSwitch.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\DSwitch.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\AtStart.txt
[2010/03/06 01:38:49 | 000,000,315 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/06 01:37:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/20 12:16:18 | 000,000,030 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/26 15:31:20 | 000,892,928 | ---- | C] () -- C:\Windows\System32\YeppPlugIn.dll
[2009/12/26 15:31:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\smax10.dll
[2009/12/26 15:31:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\secumax.dll
[2009/12/26 15:31:19 | 000,249,856 | ---- | C] () -- C:\Windows\System32\CddbPlaylistSamsung.dll
[2009/12/26 15:31:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\yeppCddb.dll
[2009/11/24 12:27:03 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/25 11:04:45 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/10/25 11:04:45 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\798F09E6CB.sys
[2009/10/09 17:46:26 | 000,000,015 | ---- | C] () -- C:\Users\Amelia\AppData\Roaming\config.tcf
[2009/09/21 12:27:04 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/09/21 12:27:04 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/09/21 12:26:32 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/09/21 12:26:31 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2009/09/21 12:26:23 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/21 12:23:25 | 000,000,317 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/09/22 15:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

========== LOP Check ==========

[2010/10/19 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\807D4BD0811E591DBDF0F4940C2BB302
[2010/03/06 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Desktopicon
[2010/10/19 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Dropbox
[2010/03/06 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Facebook
[2010/03/06 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\FloodLightGames
[2010/03/06 00:59:01 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Gamelab
[2010/04/17 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\ooVoo Details
[2010/03/06 00:59:29 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\OpenOffice.org
[2009/10/25 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Pixmantec
[2010/03/06 00:59:31 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\PlayFirst
[2010/04/11 19:29:45 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Red Kawa
[2010/03/06 00:59:42 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Sandlot Games
[2010/03/06 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\WildTangent
[2009/09/19 16:48:51 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Windows Live Writer
[2010/03/06 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\YoudaGames
[2010/03/06 01:48:27 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2010/10/18 00:12:36 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/06 12:18:20 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/05 22:12:34 | 001,048,576 | ---- | M] () -- C:\3069.bin
[2009/08/31 18:08:46 | 001,048,576 | ---- | M] () -- C:\3069_new.bin
[2010/03/05 22:16:08 | 000,040,232 | ---- | M] () -- C:\aaw7boot.log
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 11:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/06 18:15:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/08 02:11:15 | 000,003,400 | ---- | M] () -- C:\bootsqm.dat
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/19 18:55:10 | 2339,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/06 01:43:39 | 000,000,185 | ---- | M] () -- C:\hpqlb.log
[2010/10/19 18:55:16 | 3119,435,776 | -HS- | M] () -- C:\pagefile.sys
[2010/10/19 19:35:24 | 000,000,448 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-19 08:36:29

========== Files - Unicode (All) ==========
[2010/01/25 01:47:13 | 000,003,545 | ---- | M] ()(C:\Users\Amelia\Documents\??3.rtf) -- C:\Users\Amelia\Documents\小傑3.rtf
[2010/01/25 01:45:04 | 000,003,545 | ---- | C] ()(C:\Users\Amelia\Documents\??3.rtf) -- C:\Users\Amelia\Documents\小傑3.rtf
[2009/12/17 02:17:42 | 000,000,799 | ---- | M] ()(C:\Users\Amelia\Documents\??.rtf) -- C:\Users\Amelia\Documents\小傑.rtf
[2009/12/17 02:17:41 | 000,000,799 | ---- | C] ()(C:\Users\Amelia\Documents\??.rtf) -- C:\Users\Amelia\Documents\小傑.rtf

< End of report >


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Amelia on 19/10/2010 at 19:35:16.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amelia\Downloads\rkill(2).exe


Rkill completed on 19/10/2010 at 19:35:24.

Last edited by poky.woky on 19th October 2010, 3:30 pm; edited 2 times in total (Reason for editing : forgot to put in information)

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    [2010/10/19 18:59:12 | 000,000,120 | ---- | M] () -- C:\Users\Amelia\AppData\Local\Kqenujox.dat
    [2010/10/19 18:59:12 | 000,000,000 | ---- | M] () -- C:\Users\Amelia\AppData\Local\Qgoyinod.bin
    [2010/10/19 18:58:50 | 000,000,315 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/10/19 18:50:46 | 000,000,010 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\install
    [2010/10/19 18:49:19 | 000,000,187 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\29888.bat
    [2010/10/19 18:49:05 | 000,000,187 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\22993.bat

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
i still get the same two runDLL errors..

All processes killed
========== OTL ==========
C:\Users\Amelia\AppData\Local\Kqenujox.dat moved successfully.
C:\Users\Amelia\AppData\Local\Qgoyinod.bin moved successfully.
C:\ProgramData\hpqp.ini moved successfully.
C:\Users\Amelia\AppData\Roaming\install moved successfully.
C:\Users\Amelia\AppData\Roaming\29888.bat moved successfully.
C:\Users\Amelia\AppData\Roaming\22993.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amelia
->Temp folder emptied: 744701093 bytes
->Temporary Internet Files folder emptied: 828569962 bytes
->Java cache emptied: 75850648 bytes
->FireFox cache emptied: 44420012 bytes
->Flash cache emptied: 2942735 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26485341 bytes
RecycleBin emptied: 10032753151 bytes

Total Files Cleaned = 11,211.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10202010_121731

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Not a problem. We just needed to make sure those files/folders were gone.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi, here is the log for combofix (:

ComboFix 10-10-19.03 - Amelia 20/10/2010 20:10:44.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.2975.2018 [GMT 10:00]
Running from: c:\users\Amelia\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}
c:\users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}\chrome.manifest
c:\users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}\chrome\content\_cfg.js
c:\users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}\chrome\content\overlay.xul
c:\users\Amelia\AppData\Local\{8AFB1288-759D-4A40-BAEF-7AF29A5EAB69}\install.rdf
c:\users\Amelia\AppData\Roaming\Desktopicon
c:\users\Amelia\AppData\Roaming\Desktopicon\eBayShortcuts.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-20 10:07 . 2010-10-20 10:08 -------- d-----w- C:\32788R22FWJFW
2010-10-20 02:17 . 2010-10-20 02:17 -------- d-----w- C:\_OTL
2010-10-19 09:14 . 2010-10-19 09:14 -------- d-----w- c:\users\Amelia\AppData\Roaming\Malwarebytes
2010-10-19 09:14 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 09:14 . 2010-10-19 09:14 -------- d-----w- c:\programdata\Malwarebytes
2010-10-19 09:14 . 2010-10-19 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 09:14 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 08:47 . 2010-10-19 08:47 -------- d-----w- c:\users\Amelia\AppData\Roaming\807D4BD0811E591DBDF0F4940C2BB302
2010-10-19 08:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D84031F3-44FE-4AA6-A72A-ADC32358449A}\mpengine.dll
2010-10-13 07:26 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 07:26 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 07:26 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 07:26 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 07:26 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 07:26 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 07:26 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-07 08:08 . 2010-10-07 08:19 -------- d-----w- c:\programdata\DivX
2010-09-29 04:24 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 04:24 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 02:34 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 02:34 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Amelia\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Amelia\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Amelia\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-07 864256]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-09 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Amelia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-26 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-08 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-24 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-SG\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\
FF - prefs.js: browser.startup.homepage - bbc.co.uk
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Amelia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Ppudafojocetuw - c:\users\Amelia\AppData\Local\mptex32.dll
HKCU-Run-Ovobufuqosej - c:\users\Amelia\AppData\Local\eqeribeci.dll
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-20 20:22:46
ComboFix-quarantined-files.txt 2010-10-20 10:22

Pre-Run: 123,794,038,784 bytes free
Post-Run: 123,692,167,168 bytes free

- - End Of File - - E5DE7A4FCE9882F3F7052FC5094BEE84

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    mptex32.dll

    :regfind
    mptex32


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi,

here's the log

SystemLook 04.09.10 by jpshortstuff
Log created at 15:12 on 21/10/2010 by Amelia
Administrator - Elevation successful

========== filefind ==========

Searching for "mptex32.dll"
No files found.

========== regfind ==========

Searching for "mptex32"
No data found.

-= EOF =-

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :regfind
    mptex32.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi,

here's the log

SystemLook 04.09.10 by jpshortstuff
Log created at 16:10 on 22/10/2010 by Amelia
Administrator - Elevation successful

========== regfind ==========

Searching for "mptex32.dll"
No data found.

-= EOF =-

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Good.

Still getting the errors?

This file was causing the issues: c:\users\Amelia\AppData\Local\mptex32.dll

Let us finish checking for malware here...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4a9d50c2766763449569444e69d0f48d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-22 04:41:29
# local_time=2010-10-23 02:41:29 (+1000, E. Australia Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 2552387 2552387 0 0
# compatibility_mode=5893 16776573 100 94 0 39379314 0 0
# compatibility_mode=8192 67108863 100 0 683 683 0 0
# scanned=184140
# found=4
# cleaned=4
# scan_time=17566
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Amelia\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Documents\Server\sphlp.dll Win32/Bamital.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Do you get those popups anymore?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
nope, i don't get them already..

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
mm.. i can't do:
# Select the More Options tab
# In the System Restore and Shadow Backups select Clean up
# Select Delete on the pop up
# Select OK
# Select Delete

for the open disc scan because there is no "more options" tab.. i just get this
RunDLL error after removing thinkpoint Disc_c10

so, what should I do then?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
That's odd. Goofy

Since you have an NT 6 system, let me see...

Start > Search Create a Restore Point. Click on result.


Select the C:\ system in the details body, and select Configure.

You will see a delete button at the bottom right, which is next to the info on deleting all restore points, select that Delete button.

That will do the job for you. Then, press OK if needed. Back at the main Restore Point screen, select Create. Then, give it a name, etc.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
i still get the same thing.. /:
RunDLL error after removing thinkpoint Open_d10
RunDLL error after removing thinkpoint Open_d11
RunDLL error after removing thinkpoint Open_d12
RunDLL error after removing thinkpoint Open_d13

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
So, this did not work, which had nothing to do with Disk Cleanup:

DragonMaster Jay wrote:


Since you have an NT 6 system, let me see...

Start > Search Create a Restore Point. Click on result.


Select the C:\ system in the details body, and select Configure.

You will see a delete button at the bottom right, which is next to the info on deleting all restore points, select that Delete button.

That will do the job for you. Then, press OK if needed. Back at the main Restore Point screen, select Create. Then, give it a name, etc.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
yea i guess.. so do i just click "clean up system files" since there isn't a "more options" tab?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
No.

Have you turned System Restore off before?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
nope, not that i remember.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Ok. Let's continue without messing with System Restore. 😉

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
ok, so what's next?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Post 14

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi (:

I ran everything except for the system restore one.. and here's the log for the security check :

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


my computer runs a little slow on start up.. like the explorer takes some time to load.. or just sometimes it takes longer than usual to shut it down..

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Hello.
Jay is away so I will be taking over.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.4

Once both are installed, please re-run Security Check and post the newer log.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi (:

here's the new log, so what's next?

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Fail on Security Tool.

How is the machine running now?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
fail on security tool?

mm.. it's just kinda slow on start up.. sometimes it has problems shutting down. my windows asked me to activate it on a few occasions even though i already have ages ago /:

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Lets see what we can do for making startup quicker.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
i keep getting this message when i run HijackThis
RunDLL error after removing thinkpoint Hijack10

so i run notepad for that file but it only has one line that says
"127.0.0.1 localhost"

after the scan, it can't save a logfile
RunDLL error after removing thinkpoint Notepa10

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Please right click the Hijack This launcher, select Run As Administrator, see if you can get a log now.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi,
i can't make it run as administrator because there isn't that option for win7. is there something else that i could do?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
bump

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi

here the olt.txt part 1

OTL logfile created on: 8/11/2010 3:40:27 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Amelia\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.85 Gb Total Space | 141.66 Gb Free Space | 63.85% Space Free | Partition Type: NTFS
Drive D: | 11.03 Gb Total Space | 1.26 Gb Free Space | 11.44% Space Free | Partition Type: NTFS

Computer Name: A_MAK | User Name: Amelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 15:38:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Desktop\OTL.exe
PRC - [2010/09/17 06:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/13 02:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/07/06 05:34:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 04:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/10 05:41:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/03 00:11:53 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/03 00:11:52 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/26 15:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/21 19:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/21 19:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/02 15:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/24 10:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 15:38:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Desktop\OTL.exe
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 03:00:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/03 00:11:52 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/21 19:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/02 15:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/24 10:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/08 00:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 17:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/22 02:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/21 19:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 09:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/04 00:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/11 07:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/12/30 10:31:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/23 21:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/05 08:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/09/22 15:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED EC A7 76 69 7A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/10 05:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 01:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 20:14:20 | 000,000,000 | ---D | M]

[2010/03/06 00:59:27 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Extensions
[2010/11/07 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions
[2010/05/29 14:33:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/14 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\uwvlfw5n.default\extensions\searchrecs@veoh.com
[2010/11/02 20:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/02 20:04:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/02 20:04:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 02:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/07/06 05:34:06 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/06 05:34:06 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/06 05:34:06 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/06 05:34:06 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/20 20:19:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amelia\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.244.246.126
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amelia\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 15:38:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Amelia\Desktop\OTL.exe
[2010/11/04 14:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/02 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/11/02 20:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/02 20:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/02 20:04:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/02 20:04:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/02 20:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/02 20:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/02 19:59:38 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Amelia\Desktop\jre-6u22-windows-i586.exe
[2010/11/01 17:36:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Amelia\Desktop\TFC.exe
[2010/10/27 17:32:13 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 17:32:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 17:32:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 17:32:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 17:32:06 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/22 21:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/20 20:22:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/20 20:22:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/20 20:22:49 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Local\temp
[2010/10/20 20:08:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/20 20:07:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/19 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Roaming\Malwarebytes
[2010/10/19 19:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 19:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 18:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/19 18:47:21 | 000,000,000 | ---D | C] -- C:\Users\Amelia\AppData\Roaming\807D4BD0811E591DBDF0F4940C2BB302
[2010/10/13 17:27:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 17:27:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 17:27:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 17:27:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 17:27:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 17:27:12 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 17:27:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 17:27:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 17:27:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 17:27:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 17:27:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 17:27:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 17:27:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 17:27:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 17:27:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 17:26:58 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 17:26:54 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 17:26:52 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll

========== Files - Modified Within 30 Days ==========

[2010/11/08 15:38:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Desktop\OTL.exe
[2010/11/08 15:19:53 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 15:19:52 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 15:13:06 | 000,000,315 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/11/08 15:12:00 | 000,000,265 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/11/08 15:11:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 15:11:40 | 2339,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 00:11:28 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/05 16:15:50 | 000,670,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 16:15:50 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 01:05:29 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/11/04 14:19:09 | 000,002,993 | ---- | M] () -- C:\Users\Amelia\Desktop\HiJackThis.lnk
[2010/11/04 14:17:19 | 001,402,880 | ---- | M] () -- C:\Users\Amelia\Desktop\HiJackThis.msi
[2010/11/02 20:14:20 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/02 20:04:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/02 20:04:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/02 20:04:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/02 20:04:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/02 20:01:49 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Amelia\Desktop\jre-6u22-windows-i586.exe
[2010/11/01 17:44:11 | 000,869,051 | ---- | M] () -- C:\Users\Amelia\Desktop\SecurityCheck.exe
[2010/11/01 17:37:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Amelia\Desktop\TFC.exe
[2010/10/20 20:19:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/14 13:07:44 | 000,441,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/04 14:19:09 | 000,002,993 | ---- | C] () -- C:\Users\Amelia\Desktop\HiJackThis.lnk
[2010/11/04 14:17:02 | 001,402,880 | ---- | C] () -- C:\Users\Amelia\Desktop\HiJackThis.msi
[2010/11/02 20:14:20 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/01 17:43:45 | 000,869,051 | ---- | C] () -- C:\Users\Amelia\Desktop\SecurityCheck.exe
[2010/10/20 12:22:02 | 000,000,315 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/06 01:38:58 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\QSwitch.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\DSwitch.txt
[2010/03/06 01:38:51 | 000,000,000 | ---- | C] () -- C:\Users\Amelia\AppData\Local\AtStart.txt
[2010/03/06 01:37:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/20 12:16:18 | 000,000,030 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/26 15:31:20 | 000,892,928 | ---- | C] () -- C:\Windows\System32\YeppPlugIn.dll
[2009/12/26 15:31:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\smax10.dll
[2009/12/26 15:31:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\secumax.dll
[2009/12/26 15:31:19 | 000,249,856 | ---- | C] () -- C:\Windows\System32\CddbPlaylistSamsung.dll
[2009/12/26 15:31:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\yeppCddb.dll
[2009/11/24 12:27:03 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/25 11:04:45 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/10/25 11:04:45 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\798F09E6CB.sys
[2009/10/09 17:46:26 | 000,000,015 | ---- | C] () -- C:\Users\Amelia\AppData\Roaming\config.tcf
[2009/09/21 12:27:04 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/09/21 12:27:04 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/09/21 12:26:32 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/09/21 12:26:31 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2009/09/21 12:26:23 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/21 12:23:25 | 000,000,265 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/09/22 15:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll


descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
here's olt.txt part 2

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 11:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/10/25 11:04:45 | 000,000,008 | RHS- | M] () -- C:\Windows\System32\798F09E6CB.sys
[2009/07/14 07:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 11:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/14 07:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/14 07:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/14 07:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/14 07:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2010/05/17 19:53:11 | 000,003,766 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/07/14 07:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/14 07:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/14 07:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/14 07:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/14 07:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/14 07:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/14 07:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/14 07:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/14 07:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/14 07:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/09/01 12:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2006/11/03 00:09:50 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/03/05 22:12:34 | 001,048,576 | ---- | M] () -- C:\3069.bin
[2009/08/31 18:08:46 | 001,048,576 | ---- | M] () -- C:\3069_new.bin
[2010/03/05 22:16:08 | 000,040,232 | ---- | M] () -- C:\aaw7boot.log
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 11:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/06 18:15:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/08 02:11:15 | 000,003,400 | ---- | M] () -- C:\bootsqm.dat
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/08 15:11:40 | 2339,573,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/06 01:43:39 | 000,000,185 | ---- | M] () -- C:\hpqlb.log
[2010/11/08 15:11:49 | 3119,435,776 | -HS- | M] () -- C:\pagefile.sys
[2010/10/19 19:35:24 | 000,000,448 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/03/06 00:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/03/06 00:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/10/09 18:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2010/09/13 16:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/03/06 00:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/06 00:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2010/03/06 00:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/08/11 01:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/06 00:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/03/06 00:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2010/11/02 20:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/06 00:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/03/06 00:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/10/18 02:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/13 03:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/10/22 21:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/03/06 01:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/03/06 00:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard Company
[2010/03/06 01:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/03/06 00:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2010/03/06 01:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2010/05/17 23:53:07 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/06 00:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/14 13:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/11 01:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/08/11 01:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/06 00:36:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/06 00:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/03/06 00:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/09/02 03:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2010/10/22 10:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/06 00:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/03/06 00:36:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/03/06 00:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/06 00:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2010/03/06 00:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/03/06 00:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/03/06 00:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/06 00:37:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 17:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/21 15:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/12 02:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/06 00:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/03/06 00:37:46 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2010/03/06 00:38:25 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/03/06 00:38:25 | 000,000,000 | ---D | M] -- C:\Program Files\Pixmantec
[2010/08/11 01:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/10 05:44:27 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/06 00:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/03/06 00:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/06 00:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/09/22 15:33:39 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/03/06 00:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\SMINST
[2010/03/06 00:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\SoftStylus
[2010/03/06 00:21:16 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/11/04 14:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/07/14 14:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/06 00:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2010/10/22 22:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2010/03/06 00:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2010/07/27 20:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/27 20:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2010/03/06 00:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/03/06 00:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/03/08 09:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/03/08 09:26:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/03/06 00:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/03/06 00:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2010/03/06 00:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/15 10:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 13:06:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/03/06 00:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/03/08 09:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 14:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/03/08 09:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/03/06 00:39:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/30 14:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

< %appdata%\*.* >
[2009/10/09 17:46:26 | 000,000,015 | ---- | M] () -- C:\Users\Amelia\AppData\Roaming\config.tcf


< MD5 for: AGP440.SYS >
[2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 11:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 11:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 11:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/18 15:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 09:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 09:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 09:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-06 04:45:29

========== Files - Unicode (All) ==========
[2010/01/25 01:47:13 | 000,003,545 | ---- | M] ()(C:\Users\Amelia\Documents\??3.rtf) -- C:\Users\Amelia\Documents\小傑3.rtf
[2010/01/25 01:45:04 | 000,003,545 | ---- | C] ()(C:\Users\Amelia\Documents\??3.rtf) -- C:\Users\Amelia\Documents\小傑3.rtf
[2009/12/17 02:17:42 | 000,000,799 | ---- | M] ()(C:\Users\Amelia\Documents\??.rtf) -- C:\Users\Amelia\Documents\小傑.rtf
[2009/12/17 02:17:41 | 000,000,799 | ---- | C] ()(C:\Users\Amelia\Documents\??.rtf) -- C:\Users\Amelia\Documents\小傑.rtf

< End of report >

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
this is extras.txt

OTL Extras logfile created on: 8/11/2010 3:40:27 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Amelia\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.85 Gb Total Space | 141.66 Gb Free Space | 63.85% Space Free | Partition Type: NTFS
Drive D: | 11.03 Gb Total Space | 1.26 Gb Free Space | 11.44% Space Free | Partition Type: NTFS

Computer Name: A_MAK | User Name: Amelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24699835-8E58-4A5D-93E3-B89066703366}" = Brother HL-2140
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E0E6066-A687-448D-BFC4-D58BE3399C3B}" = SoftStylus
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A57BF02-E8F8-4F2B-B76B-1CA50BA44449}" = Samsung Music Studio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PROHYBRIDR" = 2007 Microsoft Office system
"RawShooter essentials 2005" = RawShooter essentials 2005
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 21/9/2009 3:46:47 AM | Computer Name = A_Mak | Source = avast! | ID = 33554522
Description =

Error - 25/11/2009 4:37:07 AM | Computer Name = A_Mak | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Hello. I am back from vacation and will continue from here.

Educational Machines

We notice that you are currently running an educational machine or your own machine that is currently setup with a school's local network.

Please keep in mind that if there are restrictions for fixing machines on the network, we should no longer help out. Let us know if you are authorized to make fixes on the computer currently brought to attention.


System Damage

Your logs indicate minor to moderate system damage, which can be caused by the infections that were on your machine. When we say system damage, we mean that there are either system files infected/corrupted, or Registry entries that are corrupted.

Most of the time, these type of issues are fixable. However, there is still a chance that we cannot succeed. We will do our best to fix the damages on your machine, but we will not make promises.


System Files Integrity

We need to check a few files for infection/corruption.

Please open OTL -- Click the None button and then paste this in the Custom Scans box:

Code:

/md5start
eventlog.dll
shell32.dll
rundll32.exe
firewallapi.dll
/md5stop
HKEY_CLASSES_ROOT\exefile\shell\runas\command


Then click Run Scan. It shall launch a log. Please post it in your next reply.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Hi,

welcome back. hmm. this is my computer, just that it's connected to the school's internet. the only thing i cannot do is download any P2P software like kazaa and imesh. other than that, i can do practically anything.. there isn't any restrictions on fixing my computer, as far as i know.

here is the log:

OTL logfile created on: 8/11/2010 11:56:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Amelia\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.85 Gb Total Space | 140.67 Gb Free Space | 63.41% Space Free | Partition Type: NTFS
Drive D: | 11.03 Gb Total Space | 1.27 Gb Free Space | 11.50% Space Free | Partition Type: NTFS

Computer Name: A_MAK | User Name: Amelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EVENTLOG.DLL >
[2007/05/18 15:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: FIREWALLAPI.DLL >
[2009/07/14 11:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) MD5=3F50200237961034FACE602373838980 -- C:\Windows\System32\FirewallAPI.dll
[2009/07/14 11:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) MD5=3F50200237961034FACE602373838980 -- C:\Windows\winsxs\x86_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_99ea919c2930530a\FirewallAPI.dll

< MD5 for: RUNDLL32.EXE >
[2009/07/14 11:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\System32\rundll32.exe
[2009/07/14 11:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe

< MD5 for: SHELL32.DLL >
[2009/07/14 11:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) MD5=518C6116079414E7074E726925D07A41 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16385_none_6bff8101734f8330\shell32.dll
[2010/02/18 17:32:54 | 012,868,096 | ---- | M] (Microsoft Corporation) MD5=7C2452DC91FB83BEE4AB4CBD4C62F707 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.20647_none_6cb661dc8c4ae032\shell32.dll
[2010/07/28 00:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) MD5=8679917A54A08CE5B923A2D0A511BABD -- C:\Windows\System32\shell32.dll
[2010/07/28 00:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) MD5=8679917A54A08CE5B923A2D0A511BABD -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16644_none_6c29c619732ff18a\shell32.dll
[2010/02/18 17:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation) MD5=A42D7CF85643157C0722B873C433E5A4 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16532_none_6c32938b7329a5c4\shell32.dll
[2010/07/27 23:59:50 | 012,869,120 | ---- | M] (Microsoft Corporation) MD5=E7BED39B2B28D726E3DFB898817A01D1 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.20765_none_6c9ec3568c5ce28d\shell32.dll

< HKEY_CLASSES_ROOT\exefile\shell\runas\command >
"" = "%1" %*
"IsolatedCommand" = "%1" %*

< End of report >

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Scan with VirusTotal

Please go to: VirusTotal


    RunDLL error after removing thinkpoint 79566475

  • Click the Browse button and search for the following file: C:\Windows\System32\shell32.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the URL to the results in your next reply.

Also, do the same for this file:

C:\Windows\System32\rundll32.exe

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
MD5: 8679917a54a08ce5b923a2d0a511babd
Date first seen: 2010-08-03 10:16:58 (UTC)
Date last seen: 2010-11-07 00:42:04 (UTC)
Detection ratio: 0/43

http://www.virustotal.com/file-scan/report.html?id=755f4817bfeb8a1f8e5def319686375bca03112127ca7be7de8a78e65da5f4d4-1289308492

File name:
rundll32.exe
Submission date:
2010-11-09 13:23:28 (UTC)
Current status:
queued (#9) queued analysing finished
Result:
0/ 43 (0.0%)

http://www.virustotal.com/file-scan/report.html?id=5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124-1289309008

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
System File Checker utility

Go Start type in sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.


Then, let me know if you still have the same error.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
how would i know if the problem has been fixed?

i don't get the rundll32 error anymore.. but is it supposed to be running? my computer's just been acting funny, making icons i need disappear from the taskbar, stalling and being non responsive /:

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Most of the time, you would not have the error reproduce if it is fixed.

rundll32.exe is an important program in Windows and can run at anytime.

Download and run SVCHOST Diag.

Post the log from it when it launches.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
mm.. it can create the file md5.exe? i let it run anyways, but then it couldn't produce the log file..

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Expected behavior, it probably failed because md5.exe is a Win32 application.

The actual program I created besides md5.exe is a Win64/Win32 application.

Let's see if this will work better:

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
SpiderKill by DragonMaster Jay


Microsoft Windows [Version 6.1.7600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 12EB-2CCF

Directory of C:\Windows\System32\Drivers

28/10/2010 02:24 AM .
28/10/2010 02:24 AM ..
14/07/2009 09:51 AM 54,784 1394bus.sys
14/07/2009 09:52 AM 163,328 1394ohci.sys
14/07/2009 11:26 AM 274,496 acpi.sys
14/07/2009 09:16 AM 9,728 acpipmi.sys
14/07/2009 11:26 AM 422,976 adp94xx.sys
14/07/2009 11:26 AM 297,552 adpahci.sys
14/07/2009 11:26 AM 146,512 adpu320.sys
14/07/2009 09:12 AM 338,944 afd.sys
14/07/2009 09:55 AM 49,152 agilevpn.sys
14/07/2009 11:26 AM 53,312 AGP440.sys
14/07/2009 08:13 AM 1,035,776 AGRSM.sys
14/07/2009 11:26 AM 14,400 aliide.sys
14/07/2009 11:26 AM 53,312 AMDAGP.SYS
14/07/2009 11:26 AM 14,912 amdide.sys
14/07/2009 09:11 AM 55,296 amdk8.sys
14/07/2009 09:11 AM 52,736 amdppm.sys
14/07/2009 11:26 AM 79,952 amdsata.sys
14/07/2009 11:26 AM 159,312 amdsbs.sys
14/07/2009 11:26 AM 23,616 amdxata.sys
14/07/2009 09:36 AM 50,176 appid.sys
04/03/2009 06:23 PM ar-SA
14/07/2009 11:26 AM 76,368 arc.sys
14/07/2009 11:26 AM 86,608 arcsas.sys
08/09/2010 12:47 AM 17,744 aswFsBlk.sys
08/09/2010 12:47 AM 50,768 aswMonFlt.sys
08/09/2010 12:47 AM 23,376 aswRdr.sys
08/09/2010 12:52 AM 165,584 aswSP.sys
08/09/2010 12:52 AM 46,672 aswTdi.sys
14/07/2009 09:54 AM 17,920 asyncmac.sys
14/07/2009 11:26 AM 21,584 atapi.sys
14/07/2009 11:26 AM 133,200 ataport.sys
22/09/2009 02:45 AM 1,172,992 athr.sys
14/07/2009 08:02 AM 229,888 b57nd60x.sys
14/07/2009 11:26 AM 25,168 battc.sys
14/07/2009 09:45 AM 6,144 beep.sys
04/03/2009 06:23 PM bg-BG
14/07/2009 09:23 AM 35,328 blbdrive.sys
14/07/2009 09:14 AM 69,632 bowser.sys
14/07/2009 08:53 AM 13,568 BrFiltLo.sys
14/07/2009 08:53 AM 5,248 BrFiltUp.sys
14/07/2009 10:41 AM 78,336 bridge.sys
14/07/2009 10:57 AM 272,128 BrSerId.sys
14/07/2009 08:53 AM 62,336 BrSerWdm.sys
14/07/2009 08:53 AM 12,160 BrUsbMdm.sys
14/07/2009 08:53 AM 11,904 BrUsbSer.sys
14/07/2009 09:51 AM 56,320 bthmodem.sys
14/07/2009 08:02 AM 430,080 bxvbdx.sys
14/07/2009 09:11 AM 70,656 cdfs.sys
14/07/2009 09:11 AM 108,544 cdrom.sys
14/07/2009 09:51 AM 37,888 circlass.sys
14/07/2009 11:26 AM 140,864 Classpnp.sys
14/07/2009 09:19 AM 14,080 CmBatt.sys
14/07/2009 11:26 AM 15,952 cmdide.sys
14/07/2009 11:17 AM 369,568 cng.sys
14/07/2009 11:26 AM 19,024 compbatt.sys
14/07/2009 09:45 AM 31,232 CompositeBus.sys
14/07/2009 11:20 AM 35,408 crashdmp.sys
14/07/2009 11:20 AM 22,096 crcdisk.sys
04/03/2009 06:23 PM cs-CZ
04/03/2009 06:23 PM da-DK
04/03/2009 06:23 PM de-DE
14/07/2009 09:14 AM 78,336 dfsc.sys
14/07/2009 09:24 AM 32,256 discache.sys
14/07/2009 11:20 AM 57,424 disk.sys
13/07/2010 03:22 PM 26,504 Diskdump.sys
14/07/2009 11:20 AM 70,720 djsvs.sys
14/07/2009 10:41 AM 80,896 drmk.sys
14/07/2009 09:50 AM 5,120 drmkaud.sys
14/07/2009 11:20 AM 26,704 Dumpata.sys
14/07/2009 11:17 AM 55,584 dumpfve.sys
14/07/2009 09:25 AM 13,312 dxapi.sys
14/07/2009 09:25 AM 76,288 dxg.sys
02/10/2009 02:06 PM 728,648 dxgkrnl.sys
14/07/2009 09:25 AM 211,968 dxgmms1.sys
04/03/2009 06:23 PM el-GR
14/07/2009 11:20 AM 453,712 elxstor.sys
14/07/2009 02:56 PM en-US
14/07/2009 09:19 AM 7,168 errdev.sys
04/03/2009 06:23 PM es-ES
04/03/2009 06:23 PM et-EE
20/10/2010 08:19 PM etc
14/07/2009 08:02 AM 3,100,160 evbdx.sys
14/07/2009 09:14 AM 142,336 exfat.sys
14/07/2009 09:14 AM 148,480 fastfat.sys
14/07/2009 09:45 AM 25,088 fdc.sys
04/03/2009 06:23 PM fi-FI
14/07/2009 11:20 AM 58,448 fileinfo.sys
14/07/2009 09:15 AM 28,160 filetrace.sys
14/07/2009 09:45 AM 19,968 flpydisk.sys
14/07/2009 11:20 AM 198,208 fltMgr.sys
04/03/2009 06:23 PM fr-FR
14/07/2009 11:20 AM 46,160 fsdepends.sys
14/07/2009 11:20 AM 19,536 fs_rec.sys
26/09/2009 03:58 PM 194,488 fvevol.sys
14/07/2009 11:20 AM 187,472 FWPKCLNT.SYS
14/07/2009 11:20 AM 57,936 GAGP30KX.SYS
18/05/2009 04:17 PM 26,600 GEARAspiWDM.sys
11/06/2009 07:14 AM 3,440,660 gm.dls
11/06/2009 07:14 AM 646 gmreadme.txt
14/07/2009 08:54 AM 26,624 hcw85cir.sys
14/07/2009 09:50 AM 108,544 hdaudbus.sys
04/03/2009 06:23 PM he-IL
14/07/2009 09:19 AM 21,504 hidbatt.sys
14/07/2009 09:51 AM 91,136 hidbth.sys
14/07/2009 09:51 AM 55,808 hidclass.sys
14/07/2009 09:51 AM 37,888 hidir.sys
14/07/2009 09:51 AM 25,728 hidparse.sys
14/07/2009 09:51 AM 24,064 hidusb.sys
29/04/2009 08:46 AM 15,872 HpqKbFiltr.sys
14/07/2009 11:20 AM 67,152 HpSAMD.sys
04/03/2009 06:23 PM hr-HR
14/07/2009 09:12 AM 513,024 http.sys
04/03/2009 06:23 PM hu-HU
14/07/2009 11:20 AM 13,904 hwpolicy.sys
14/07/2009 09:11 AM 80,896 i8042prt.sys
14/07/2009 11:20 AM 332,352 iaStorV.sys
11/06/2009 07:19 AM 4,756,480 igdkmd32.sys
14/07/2009 11:20 AM 41,040 iirsp.sys
22/09/2008 03:49 PM 112,128 IntcHdmi.sys
14/07/2009 11:20 AM 15,424 intelide.sys
14/07/2009 09:11 AM 53,760 intelppm.sys
14/07/2009 09:54 AM 58,880 ipfltdrv.sys
14/07/2009 09:30 AM 65,536 IPMIDrv.sys
14/07/2009 09:54 AM 101,888 ipnat.sys
14/07/2009 09:53 AM 96,768 irda.sys
14/07/2009 09:53 AM 13,824 irenum.sys
14/07/2009 11:20 AM 46,656 isapnp.sys
04/03/2009 06:23 PM it-IT
04/03/2009 06:23 PM ja-JP
14/07/2009 11:20 AM 42,576 kbdclass.sys
14/07/2009 09:45 AM 28,160 kbdhid.sys
04/03/2009 06:23 PM ko-KR
04/03/2010 01:57 PM 190,976 ks.sys
14/07/2009 11:20 AM 67,664 ksecdd.sys
11/12/2009 05:44 PM 133,720 ksecpkg.sys
04/07/2009 12:49 AM 64,160 Lbd.sys
14/07/2009 09:53 AM 48,128 lltdio.sys
14/07/2009 11:20 AM 95,824 lsi_fc.sys
14/07/2009 11:20 AM 89,168 lsi_sas.sys
14/07/2009 11:20 AM 54,864 lsi_sas2.sys
14/07/2009 11:20 AM 96,848 lsi_scsi.sys
04/03/2009 06:23 PM lt-LT
14/07/2009 09:15 AM 86,528 luafv.sys
04/03/2009 06:23 PM lv-LV
14/07/2009 09:45 AM 18,432 mcd.sys
14/07/2009 11:20 AM 30,800 megasas.sys
14/07/2009 11:20 AM 235,584 MegaSR.sys
14/07/2009 09:55 AM 31,744 modem.sys
14/07/2009 09:25 AM 23,552 monitor.sys
14/07/2009 11:20 AM 41,552 mouclass.sys
14/07/2009 09:45 AM 26,112 mouhid.sys
14/07/2009 11:20 AM 78,416 mountmgr.sys
14/07/2009 11:20 AM 130,624 mpio.sys
14/07/2009 09:52 AM 60,416 mpsdrv.sys
14/07/2009 09:14 AM 115,712 mrxdav.sys
27/02/2010 05:32 PM 123,392 mrxsmb.sys
27/02/2010 05:32 PM 221,696 mrxsmb10.sys
27/02/2010 05:32 PM 95,744 mrxsmb20.sys
14/07/2009 11:20 AM 27,712 msahci.sys
14/07/2009 11:20 AM 115,792 msdsm.sys
14/07/2009 09:11 AM 22,528 msfs.sys
11/06/2009 07:27 AM 3 MsftWdf_Kernel_01009_Inbox_Critical.Wdf
14/07/2009 09:51 AM 4,096 mshidkmdf.sys
14/07/2009 11:20 AM 13,888 msisadrv.sys
14/07/2009 11:20 AM 186,960 msiscsi.sys
14/07/2009 09:45 AM 8,320 mskssrv.sys
14/07/2009 09:45 AM 5,888 mspclock.sys
14/07/2009 09:45 AM 5,504 mspqm.sys
14/07/2009 11:20 AM 162,896 msrpc.sys
14/07/2009 11:20 AM 28,240 mssmbios.sys
14/07/2009 09:45 AM 6,144 mstee.sys
14/07/2009 09:46 AM 12,288 MTConfig.sys
14/07/2009 11:20 AM 49,728 mup.sys
04/03/2009 06:23 PM nb-NO
14/07/2009 11:20 AM 710,720 ndis.sys
14/07/2009 09:52 AM 27,136 ndiscap.sys
14/07/2009 09:54 AM 20,992 ndistapi.sys
14/07/2009 09:53 AM 45,568 ndisuio.sys
14/07/2009 09:54 AM 118,784 ndiswan.sys
14/07/2009 09:54 AM 48,128 ndproxy.sys
14/07/2009 09:53 AM 36,352 netbios.sys
14/07/2009 09:12 AM 187,904 netbt.sys
14/07/2009 11:20 AM 240,208 netio.sys
14/07/2009 11:20 AM 44,624 nfrd960.sys
04/03/2009 06:23 PM nl-NL
14/07/2009 09:11 AM 35,328 npfs.sys
14/07/2009 09:12 AM 16,896 nsiproxy.sys
14/07/2009 11:20 AM 1,210,432 ntfs.sys
14/07/2009 09:11 AM 4,608 null.sys
14/07/2009 11:20 AM 117,312 nvraid.sys
14/07/2009 11:20 AM 142,416 nvstor.sys
14/07/2009 11:20 AM 105,024 NV_AGP.SYS
14/07/2009 09:52 AM 267,264 nwifi.sys
14/07/2009 09:51 AM 62,464 ohci1394.sys
14/07/2009 09:53 AM 104,448 pacer.sys
14/07/2009 09:45 AM 79,360 parport.sys
14/07/2009 11:20 AM 56,912 partmgr.sys
14/07/2009 09:45 AM 8,704 parvdm.sys
14/07/2009 11:20 AM 153,680 pci.sys
14/07/2009 11:20 AM 12,368 pciide.sys
14/07/2009 11:19 AM 42,560 pciidex.sys
14/07/2009 11:19 AM 180,288 pcmcia.sys
14/07/2009 11:19 AM 43,088 pcw.sys
14/07/2009 10:41 AM 586,752 PEAuth.sys
04/03/2009 06:23 PM pl-PL
14/07/2009 09:51 AM 177,152 portcls.sys
14/07/2009 09:11 AM 52,224 processr.sys
04/03/2009 06:23 PM pt-BR
04/03/2009 06:23 PM pt-PT
14/07/2009 11:19 AM 1,383,488 ql2300.sys
14/07/2009 11:19 AM 106,064 ql40xx.sys
14/07/2009 09:54 AM 31,744 qwavedrv.sys
14/07/2009 09:54 AM 11,776 rasacd.sys
14/07/2009 09:54 AM 78,848 rasl2tp.sys
14/07/2009 09:54 AM 77,824 raspppoe.sys
14/07/2009 09:54 AM 73,728 raspptp.sys
14/07/2009 09:54 AM 75,264 rassstp.sys
14/07/2009 09:14 AM 241,664 rdbss.sys
14/07/2009 10:02 AM 18,944 rdpbus.sys
14/07/2009 10:01 AM 6,656 RDPCDD.sys
14/07/2009 10:01 AM 6,656 RDPENCDD.sys
14/07/2009 10:01 AM 7,168 RDPREFMP.sys
14/07/2009 10:01 AM 177,152 rdpwd.sys
14/07/2009 11:19 AM 173,648 rdyboost.sys
14/07/2009 09:53 AM 117,248 rmcast.sys
14/07/2009 09:54 AM 33,280 RNDISMP.sys
04/03/2009 06:23 PM ro-RO
14/07/2009 09:55 AM 8,192 rootmdm.sys
14/07/2009 09:53 AM 60,928 rspndr.sys
23/12/2008 09:47 PM 138,240 Rtlh86.sys
30/12/2008 10:31 AM 60,416 RTSTOR.sys
04/03/2009 06:23 PM ru-RU
14/07/2009 11:19 AM 85,568 sbp2port.sys
14/07/2009 09:33 AM 26,624 scfilter.sys
14/07/2009 11:19 AM 140,368 scsiport.sys
14/07/2009 06:50 AM 20,480 secdrv.sys
14/07/2009 09:45 AM 17,920 serenum.sys
14/07/2009 09:45 AM 83,456 serial.sys
14/07/2009 09:45 AM 19,968 sermouse.sys
14/07/2009 09:45 AM 11,264 sffdisk.sys
14/07/2009 09:45 AM 12,288 sffp_mmc.sys
14/07/2009 09:45 AM 12,800 sffp_sd.sys
14/07/2009 09:45 AM 13,824 sfloppy.sys
14/07/2009 11:19 AM 52,304 SISAGP.SYS
14/07/2009 11:19 AM 40,016 sisraid2.sys
14/07/2009 11:19 AM 77,888 sisraid4.sys
04/03/2009 06:23 PM sk-SK
04/03/2009 06:23 PM sl-SI
14/07/2009 09:53 AM 71,168 smb.sys
14/07/2009 09:45 AM 17,408 smclib.sys
14/07/2009 11:19 AM 17,472 spldr.sys
14/07/2009 06:34 AM 405,504 spsys.sys
06/03/2010 12:41 AM sr-Latn-CS
27/08/2010 01:31 PM 310,784 srv.sys
27/08/2010 01:30 PM 308,736 srv2.sys
27/08/2010 01:30 PM 113,664 srvnet.sys
14/07/2009 11:19 AM 21,072 stexstor.sys
14/07/2009 11:19 AM 144,960 storport.sys
14/07/2009 09:50 AM 53,632 stream.sys
21/07/2009 07:33 PM 409,088 stwrt.sys
04/03/2009 06:23 PM sv-SE
14/07/2009 11:19 AM 12,240 swenum.sys
05/12/2008 08:55 AM 204,976 SynTP.sys
14/07/2009 09:45 AM 24,576 tape.sys
14/06/2010 04:12 PM 1,286,016 tcpip.sys
14/07/2009 09:54 AM 34,816 tcpipreg.sys
14/07/2009 09:12 AM 20,992 tdi.sys
14/07/2009 10:01 AM 17,920 tdpipe.sys
14/07/2009 10:01 AM 24,064 tdtcp.sys
14/07/2009 09:12 AM 74,240 tdx.sys
14/07/2009 11:19 AM 51,776 termdd.sys
04/03/2009 06:23 PM th-TH
04/03/2009 06:23 PM tr-TR
14/07/2009 10:01 AM 30,208 tssecsrv.sys
14/07/2009 09:54 AM 108,544 tunnel.sys
14/07/2009 11:19 AM 55,888 UAGP35.SYS
14/07/2009 09:14 AM 246,784 udfs.sys
04/03/2009 06:23 PM uk-UA
14/07/2009 11:19 AM 57,424 ULIAGPKX.SYS
14/07/2009 09:51 AM 39,936 umbus.sys
16/03/2010 05:24 PM UMDF
14/07/2009 09:51 AM 8,192 umpass.sys
14/07/2009 09:54 AM 15,872 usb8023.sys
19/04/2010 08:47 PM 41,984 usbaapl.sys
14/07/2009 09:51 AM 80,640 USBAUDIO.sys
14/07/2009 09:51 AM 25,856 USBCAMD.sys
14/07/2009 09:51 AM 25,856 USBCAMD2.sys
14/07/2009 09:51 AM 75,264 usbccgp.sys
14/07/2009 09:51 AM 86,016 usbcir.sys
14/07/2009 09:51 AM 5,888 usbd.sys
14/07/2009 09:51 AM 41,472 usbehci.sys
14/07/2009 09:52 AM 258,560 usbhub.sys
14/07/2009 09:51 AM 20,480 usbohci.sys
14/07/2009 09:51 AM 284,160 usbport.sys
14/07/2009 10:17 AM 19,968 usbprint.sys
14/07/2009 10:14 AM 26,112 usbrpm.sys
14/07/2009 09:51 AM 74,752 USBSTOR.SYS
14/07/2009 09:51 AM 24,064 usbuhci.sys
04/03/2010 02:04 PM 146,304 usbvideo.sys
14/07/2009 11:19 AM 32,832 vdrvroot.sys
14/07/2009 09:25 AM 25,088 vga.sys
14/07/2009 09:25 AM 26,112 vgapnp.sys
14/07/2009 11:19 AM 159,824 vhdmp.sys
14/07/2009 11:19 AM 53,328 VIAAGP.SYS
14/07/2009 09:11 AM 52,736 viac7.sys
14/07/2009 11:19 AM 16,976 viaide.sys
14/07/2009 09:25 AM 111,616 videoprt.sys
14/07/2009 11:19 AM 53,312 volmgr.sys
14/07/2009 11:19 AM 297,040 volmgrx.sys
14/07/2009 11:19 AM 245,328 volsnap.sys
14/07/2009 11:19 AM 141,904 vsmraid.sys
14/07/2009 09:52 AM 19,968 vwifibus.sys
14/07/2009 09:52 AM 48,128 vwififlt.sys
14/07/2009 09:52 AM 14,336 vwifimp.sys
14/07/2009 09:46 AM 21,632 wacompen.sys
14/07/2009 09:55 AM 63,488 wanarp.sys
14/07/2009 09:24 AM 35,328 watchdog.sys
14/07/2009 11:19 AM 19,024 wd.sys
14/07/2009 11:19 AM 445,008 Wdf01000.sys
03/11/2006 12:09 AM 1,419,232 wdfcoinstaller01005.dll
14/07/2009 11:19 AM 38,480 WdfLdr.sys
14/07/2009 09:53 AM 9,728 wfplwf.sys
14/07/2009 11:19 AM 19,008 wimmount.sys
14/07/2009 09:51 AM 34,944 winusb.sys
14/07/2009 09:19 AM 11,264 wmiacpi.sys
14/07/2009 11:19 AM 14,912 wmilib.sys
14/07/2009 09:55 AM 16,384 ws2ifsl.sys
14/07/2009 09:50 AM 92,672 WUDFPf.sys
14/07/2009 09:50 AM 132,224 WUDFRd.sys
294 File(s) 44,155,461 bytes

Directory of C:\Windows\System32\Drivers\ar-SA

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\bg-BG

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\cs-CZ

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\da-DK

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\de-DE

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\el-GR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\en-US

14/07/2009 02:56 PM .
14/07/2009 02:56 PM ..
14/07/2009 12:09 PM 11,776 1394ohci.sys.mui
14/07/2009 12:06 PM 9,216 acpi.sys.mui
14/07/2009 12:08 PM 14,848 afd.sys.mui
14/07/2009 12:07 PM 2,560 AGP440.sys.mui
14/07/2009 12:03 PM 2,560 AMDAGP.SYS.mui
14/07/2009 12:07 PM 2,048 amdide.sys.mui
14/07/2009 12:07 PM 14,336 amdk8.sys.mui
14/07/2009 12:07 PM 14,336 amdppm.sys.mui
14/07/2009 12:06 PM 3,072 ataport.sys.mui
14/07/2009 12:05 PM 3,072 atikmdag.sys.mui
14/07/2009 12:04 PM 9,728 b57nd60x.sys.mui
14/07/2009 12:04 PM 7,168 battc.sys.mui
14/07/2009 12:08 PM 5,120 bcm4sbxp.sys.mui
14/07/2009 12:09 PM 25,600 bfe.dll.mui
14/07/2009 12:02 PM 2,560 BrParwdm.sys.mui
14/07/2009 12:04 PM 10,240 BrSerIb.sys.mui
14/07/2009 12:09 PM 10,240 BrSerId.sys.mui
14/07/2009 12:09 PM 2,048 bthenum.sys.mui
14/07/2009 12:02 PM 4,608 bthpan.sys.mui
14/07/2009 12:07 PM 7,680 bthport.sys.mui
14/07/2009 12:09 PM 2,560 BTHUSB.SYS.mui
14/07/2009 12:06 PM 2,048 cdrom.sys.mui
14/07/2009 12:08 PM 2,048 disk.sys.mui
14/07/2009 12:06 PM 2,560 Dot4usb.sys.mui
14/07/2009 12:03 PM 5,120 e100b325.sys.mui
14/07/2009 12:06 PM 19,968 e1e6032.sys.mui
14/07/2009 12:09 PM 16,896 E1G60I32.sys.mui
14/07/2009 12:02 PM 10,240 e1k6032.sys.mui
14/07/2009 12:09 PM 10,752 e1q6032.sys.mui
14/07/2009 12:08 PM 19,968 e1y6032.sys.mui
14/07/2009 12:03 PM 5,120 fltmgr.sys.mui
14/07/2009 12:04 PM 14,336 fvevol.sys.mui
14/07/2009 12:04 PM 2,560 GAGP30KX.SYS.mui
14/07/2009 12:07 PM 3,072 getn62.sys.mui
14/07/2009 12:06 PM 4,096 hdaudbus.sys.mui
14/07/2009 12:09 PM 3,072 HdAudio.sys.mui
14/07/2009 12:07 PM 3,072 hidbth.sys.mui
14/07/2009 12:07 PM 32,256 http.sys.mui
14/07/2009 12:04 PM 10,240 i8042prt.sys.mui
14/07/2009 12:05 PM 14,336 intelppm.sys.mui
14/07/2009 12:07 PM 5,632 IPMIDrv.sys.mui
14/07/2009 12:03 PM 3,584 ipnat.sys.mui
14/07/2009 12:05 PM 3,584 isapnp.sys.mui
14/07/2009 12:10 PM 9,728 k57nd60x.sys.mui
14/07/2009 12:04 PM 4,096 kbdclass.sys.mui
14/07/2009 12:09 PM 2,560 kbdhid.sys.mui
14/07/2009 12:07 PM 9,728 ltmdmnt.sys.mui
14/07/2009 12:08 PM 6,144 luafv.sys.mui
14/07/2009 12:06 PM 3,584 modem.sys.mui
14/07/2009 12:08 PM 4,096 mouclass.sys.mui
14/07/2009 12:06 PM 2,560 mouhid.sys.mui
14/07/2009 12:07 PM 2,560 mountmgr.sys.mui
14/07/2009 12:07 PM 26,624 mpio.sys.mui
14/07/2009 12:10 PM 5,632 msdsm.sys.mui
14/07/2009 12:01 PM 3,072 mssmbios.sys.mui
14/07/2009 12:04 PM 2,560 MTConfig.sys.mui
14/07/2009 12:01 PM 35,328 ndis.sys.mui
14/07/2009 12:09 PM 5,632 ndiscap.sys.mui
14/07/2009 12:01 PM 3,072 ndisuio.sys.mui
14/07/2009 12:08 PM 59,904 ntfs.sys.mui
14/07/2009 12:02 PM 2,560 NV_AGP.SYS.mui
14/07/2009 12:06 PM 13,824 nwifi.sys.mui
14/07/2009 12:09 PM 11,776 ohci1394.sys.mui
14/07/2009 12:07 PM 15,360 pacer.sys.mui
14/07/2009 12:01 PM 3,584 parport.sys.mui
14/07/2009 12:08 PM 2,560 partmgr.sys.mui
14/07/2009 12:04 PM 2,560 parvdm.sys.mui
14/07/2009 12:04 PM 8,192 pci.sys.mui
14/07/2009 12:02 PM 4,096 pcmcia.sys.mui
14/07/2009 12:04 PM 2,560 pnpmem.sys.mui
14/07/2009 12:02 PM 3,584 portcls.sys.mui
14/07/2009 12:02 PM 14,336 processr.sys.mui
14/07/2009 12:03 PM 3,584 pscr.sys.mui
14/07/2009 12:04 PM 2,560 qwavedrv.sys.mui
14/07/2009 12:02 PM 4,608 rdbss.sys.mui
14/07/2009 12:07 PM 3,072 RNDISMP.sys.mui
14/07/2009 12:02 PM 3,072 rndismp6.sys.mui
14/07/2009 12:07 PM 3,072 rndismpx.sys.mui
14/07/2009 12:05 PM 2,560 scfilter.sys.mui
14/07/2009 12:04 PM 3,072 scsiport.sys.mui
14/07/2009 12:09 PM 10,240 serial.sys.mui
14/07/2009 12:04 PM 5,120 sermouse.sys.mui
14/07/2009 12:08 PM 2,560 serscan.sys.mui
14/07/2009 12:08 PM 2,560 SISAGP.SYS.mui
14/07/2009 12:08 PM 2,560 srv.sys.mui
14/07/2009 12:08 PM 44,032 tcpip.sys.mui
14/07/2009 12:06 PM 4,096 tpm.sys.mui
14/07/2009 12:03 PM 7,680 tunnel.sys.mui
14/07/2009 12:04 PM 2,560 UAGP35.SYS.mui
14/07/2009 12:04 PM 2,560 ULIAGPKX.SYS.mui
14/07/2009 12:07 PM 3,072 umbus.sys.mui
14/07/2009 12:04 PM 11,776 usbhub.sys.mui
14/07/2009 12:02 PM 24,576 usbport.sys.mui
14/07/2009 12:03 PM 2,048 usbrpm.sys.mui
14/07/2009 12:02 PM 3,584 vdrvroot.sys.mui
14/07/2009 12:05 PM 3,584 vhdmp.sys.mui
14/07/2009 12:07 PM 2,560 VIAAGP.SYS.mui
14/07/2009 12:09 PM 14,336 viac7.sys.mui
14/07/2009 12:09 PM 2,560 volmgrx.sys.mui
14/07/2009 12:03 PM 23,552 volsnap.sys.mui
14/07/2009 12:06 PM 2,048 vwifibus.sys.mui
14/07/2009 12:10 PM 4,096 wacompen.sys.mui
14/07/2009 12:09 PM 2,048 wd.sys.mui
14/07/2009 12:07 PM 2,560 wdf01000.sys.mui
14/07/2009 12:04 PM 2,048 ws2ifsl.sys.mui
14/07/2009 12:03 PM 32,256 yk62x86.sys.mui
106 File(s) 878,080 bytes

Directory of C:\Windows\System32\Drivers\es-ES

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\et-EE

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

20/10/2010 08:19 PM .
20/10/2010 08:19 PM ..
20/10/2010 08:19 PM 27 hosts
19/09/2006 07:41 AM 761 hosts.msn
11/06/2009 07:39 AM 3,683 lmhosts.sam
11/06/2009 07:39 AM 407 networks
11/06/2009 07:39 AM 1,358 protocol
11/06/2009 07:39 AM 17,463 services
6 File(s) 23,699 bytes

Directory of C:\Windows\System32\Drivers\fi-FI

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\fr-FR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\he-IL

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\hr-HR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\hu-HU

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\it-IT

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\ja-JP

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\ko-KR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\lt-LT

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\lv-LV

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\nb-NO

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\nl-NL

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\pl-PL

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\pt-BR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\pt-PT

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\ro-RO

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\ru-RU

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\sk-SK

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\sl-SI

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\sr-Latn-CS

06/03/2010 12:41 AM .
06/03/2010 12:41 AM ..
04/03/2009 06:23 PM 8,192 bthport.sys.mui
1 File(s) 8,192 bytes

Directory of C:\Windows\System32\Drivers\sv-SE

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\th-TH

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\tr-TR

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\uk-UA

04/03/2009 06:23 PM .
04/03/2009 06:23 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\UMDF

16/03/2010 05:24 PM .
16/03/2010 05:24 PM ..
14/07/2009 02:56 PM en-US
14/07/2009 11:16 AM 226,816 WpdFs.dll
14/07/2009 11:16 AM 844,288 WpdMtpDr.dll
2 File(s) 1,071,104 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

14/07/2009 02:56 PM .
14/07/2009 02:56 PM ..
14/07/2009 12:04 PM 2,560 WpdMtpDr.dll.mui
14/07/2009 12:09 PM 6,144 WUDFUsbccidDriver.dll.mui
2 File(s) 8,704 bytes

Total Files Listed:
411 File(s) 46,145,240 bytes
110 Dir(s) 146,467,020,800 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 12EB-2CCF

Directory of C:\Windows\System32\Drivers

01/09/2009 06:37 PM 0 103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF92760WC_E511736-371_4A_I3069_SQuanta_V21.0B_F.06_T090603_WV3-1_L409_M2975_J250_7Intel_867A_92.00_#090901_N10EC8136;168C002B_(VJ980PA#ABG)_XMOBILE_CN10_Z.MRK
06/03/2010 12:21 AM 0 Msft_Kernel_SynTP_01007.Wdf
05/09/2009 05:00 PM 0 Msft_User_WpdFs_01_00_00.Wdf
10/03/2010 08:16 PM 0 Msft_User_WpdFs_01_09_00.Wdf
16/03/2010 05:24 PM 0 Msft_User_WpdMtpDr_01_09_00.Wdf
5 File(s) 0 bytes
0 Dir(s) 146,467,020,800 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
Dwm.exe 1552 High C:\Windows\system32\Dwm.exe
Explorer.EXE 1580 Normal C:\Windows\Explorer.EXE
SynTPEnh.exe 1840 Above Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
hpwuSchd2.exe 1856 Normal C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
issch.exe 1884 Normal C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
QLBCTRL.exe 1916 Normal C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
sttray.exe 1972 Normal C:\Program Files\IDT\WDM\sttray.exe
HPWAMain.exe 1980 Normal C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
QPService.exe 1988 Normal C:\Program Files\HP\QuickPlay\QPService.exe
winampa.exe 1996 Normal C:\Program Files\Winamp\winampa.exe
realsched.exe 2004 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
iTunesHelper.exe 1252 Normal C:\Program Files\iTunes\iTunesHelper.exe
AvastUI.exe 1572 Normal C:\Program Files\Alwil Software\Avast5\AvastUI.exe
taskhost.exe 1896 Normal C:\Windows\system32\taskhost.exe
jusched.exe 2484 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
AdobeARM.exe 2508 Normal C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
LightScribeControlPanel.exe 2664 Normal C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
ONENOTEM.EXE 2900 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
soffice.exe 2984 Normal C:\Program Files\OpenOffice.org 3\program\soffice.exe
soffice.bin 3036 Normal C:\Program Files\OpenOffice.org 3\program\soffice.bin
isuspm.exe 4076 Normal c:\program files\common files\installshield\updateservice\isuspm.exe
agent.exe 2888 Normal C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
hpqToaster.exe 4772 Normal C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
AAWTray.exe 504 Normal C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
wuauclt.exe 4980 Normal C:\Windows\system32\wuauclt.exe
firefox.exe 5692 Normal C:\Program Files\Mozilla Firefox\firefox.exe
cmd.exe 5604 Normal C:\Windows\system32\cmd.exe
conhost.exe 5196 Normal C:\Windows\system32\conhost.exe
processes.exe 1696 Normal C:\Users\Amelia\Desktop\SpiderKill\SpiderKill\processes.exe


*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'Explorer.EXE'(1580)
MODULE BASE SIZE PATH
Explorer.EXE 420000 2625536 C:\Windows\Explorer.EXE 6.1.7600.16385 (win7_rtm.090713-1255) Windows Explorer
ntdll.dll 77940000 1294336 C:\Windows\SYSTEM32\ntdll.dll 6.1.7600.16385 (win7_rtm.090713-1255) NT Layer DLL
kernel32.dll 77030000 868352 C:\Windows\system32\kernel32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows NT BASE API Client DLL
KERNELBASE.dll 75d10000 303104 C:\Windows\system32\KERNELBASE.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows NT BASE API Client DLL
ADVAPI32.dll 77680000 655360 C:\Windows\system32\ADVAPI32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Advanced Windows 32 Base API
msvcrt.dll 76230000 704512 C:\Windows\system32\msvcrt.dll 7.0.7600.16385 (win7_rtm.090713-1255) Windows NT CRT DLL
sechost.dll 77b50000 102400 C:\Windows\SYSTEM32\sechost.dll 6.1.7600.16385 (win7_rtm.090713-1255) Host for SCM/SDDL/LSA Lookup APIs
RPCRT4.dll 75ed0000 659456 C:\Windows\system32\RPCRT4.dll 6.1.7600.16385 (win7_rtm.090713-1255) Remote Procedure Call Runtime
GDI32.dll 77aa0000 319488 C:\Windows\system32\GDI32.dll 6.1.7600.16385 (win7_rtm.090713-1255) GDI Client DLL
USER32.dll 77320000 823296 C:\Windows\system32\USER32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Multi-User Windows USER API Client DLL
LPK.dll 77a80000 40960 C:\Windows\system32\LPK.dll 6.1.7600.16385 (win7_rtm.090713-1255) Language Pack
USP10.dll 762e0000 643072 C:\Windows\system32\USP10.dll 1.0626.7600.16385 (win7_rtm.090713-1255) Uniscribe Unicode script processor
SHLWAPI.dll 76380000 356352 C:\Windows\system32\SHLWAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Shell Light-weight Utility Library
SHELL32.dll 763e0000 12881920 C:\Windows\system32\SHELL32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Shell Common Dll
ole32.dll 75fb0000 1425408 C:\Windows\system32\ole32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft OLE for Windows
OLEAUT32.dll 775f0000 585728 C:\Windows\system32\OLEAUT32.dll 6.1.7600.16385 6.1.7600.16385
EXPLORERFRAME.dll 714b0000 1503232 C:\Windows\system32\EXPLORERFRAME.dll 6.1.7600.16385 (win7_rtm.090713-1255) ExplorerFrame
DUser.dll 74500000 192512 C:\Windows\system32\DUser.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows DirectUser Engine
DUI70.dll 74530000 729088 C:\Windows\system32\DUI70.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows DirectUI Engine
IMM32.dll 77300000 126976 C:\Windows\system32\IMM32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76120000 835584 C:\Windows\system32\MSCTF.dll 6.1.7600.16385 (win7_rtm.090713-1255) MSCTF Server DLL
UxTheme.dll 74780000 262144 C:\Windows\system32\UxTheme.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft UxTheme Library
POWRPROF.dll 74dd0000 151552 C:\Windows\system32\POWRPROF.dll 6.1.7600.16385 (win7_rtm.090713-1255) Power Profile Helper DLL
SETUPAPI.dll 777a0000 1691648 C:\Windows\system32\SETUPAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Setup API
CFGMGR32.dll 75d60000 159744 C:\Windows\system32\CFGMGR32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Configuration Manager DLL
DEVOBJ.dll 75cf0000 73728 C:\Windows\system32\DEVOBJ.dll 6.1.7600.16385 (win7_rtm.090713-1255) Device Information Set DLL
dwmapi.dll 74490000 77824 C:\Windows\system32\dwmapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Desktop Window Manager API
slc.dll 739e0000 40960 C:\Windows\system32\slc.dll 6.1.7600.16385 (win7_rtm.090713-1255) Software Licensing Client Dll
gdiplus.dll 745f0000 1638400 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft GDI+
Secur32.dll 75940000 32768 C:\Windows\system32\Secur32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Security Support Provider Interface
SSPICLI.DLL 75970000 106496 C:\Windows\system32\SSPICLI.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Security Support Provider Interface
PROPSYS.dll 747d0000 1003520 C:\Windows\system32\PROPSYS.dll 7.00.7600.16385 (win7_rtm.090713-1255) Microsoft Property System
CRYPTBASE.dll 759e0000 49152 C:\Windows\system32\CRYPTBASE.dll 6.1.7600.16385 (win7_rtm.090713-1255) Base cryptographic API DLL
comctl32.dll 74950000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll 5.82 (win7_rtm.090713-1255) Common Controls Library
WindowsCodecs.dll 742b0000 1028096 C:\Windows\system32\WindowsCodecs.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Windows Codecs Library
profapi.dll 75a90000 45056 C:\Windows\system32\profapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) User Profile Basic API
apphelp.dll 75990000 307200 C:\Windows\system32\apphelp.dll 6.1.7600.16385 (win7_rtm.090713-1255) Application Compatibility Client Library
CLBCatQ.DLL 77110000 536576 C:\Windows\system32\CLBCatQ.DLL 2001.12.8530.16385 (win7_rtm.090713-1255) COM+ Configuration Catalog
DropboxExt.13.dll 10000000 94208 C:\Users\Amelia\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll 1.0.0.13 Dropbox Shell Extension
dbghelp.dll 71bb0000 962560 C:\Windows\system32\dbghelp.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Image Helper
MSVCP71.dll 7c3a0000 503808 C:\Users\Amelia\AppData\Roaming\Dropbox\bin\MSVCP71.dll 7.10.3077.0 Microsoft® C++ Runtime Library
MSVCR71.dll 7c340000 352256 C:\Users\Amelia\AppData\Roaming\Dropbox\bin\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
EhStorShell.dll 711b0000 200704 C:\Windows\system32\EhStorShell.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Enhanced Storage Shell Extension DLL
ntshrui.dll 71140000 454656 C:\Windows\system32\ntshrui.dll 6.1.7600.16385 (win7_rtm.090713-1255) Shell extensions for sharing
srvcli.dll 757b0000 102400 C:\Windows\system32\srvcli.dll 6.1.7600.16385 (win7_rtm.090713-1255) Server Service Client DLL
cscapi.dll 71d10000 45056 C:\Windows\system32\cscapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Offline Files Win32 API
IconCodecService.dll 71130000 24576 C:\Windows\system32\IconCodecService.dll 6.1.7600.16385 (win7_rtm.090713-1255) Converts a PNG part of the icon to a legacy bmp icon
CRYPTSP.dll 75510000 90112 C:\Windows\system32\CRYPTSP.dll 6.1.7600.16385 (win7_rtm.090713-1255) Cryptographic Service Provider API
rsaenh.dll 752b0000 241664 C:\Windows\system32\rsaenh.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Enhanced Cryptographic Provider
RpcRtRemote.dll 75a80000 57344 C:\Windows\system32\RpcRtRemote.dll 6.1.7600.16385 (win7_rtm.090713-1255) Remote RPC Extension
SndVolSSO.DLL 744c0000 229376 C:\Windows\system32\SndVolSSO.DLL 6.1.7600.16385 (win7_rtm.090713-1255) SCA Volume
HID.DLL 744b0000 36864 C:\Windows\system32\HID.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Hid User Library
MMDevApi.dll 748d0000 233472 C:\Windows\System32\MMDevApi.dll 6.1.7600.16385 (win7_rtm.090713-1255) MMDevice API
timedate.cpl 710b0000 491520 C:\Windows\system32\timedate.cpl 6.1.7600.16385 (win7_rtm.090713-1255) Time Date Control Panel Applet
ATL.DLL 73a00000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
actxprxy.dll 71060000 319488 C:\Windows\system32\actxprxy.dll 6.1.7600.16385 (win7_rtm.090713-1255) ActiveX Interface Marshaling Library
ntmarta.dll 73b00000 135168 C:\Windows\system32\ntmarta.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows NT MARTA provider
WLDAP32.dll 771a0000 282624 C:\Windows\system32\WLDAP32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Win32 LDAP API DLL
shdocvw.dll 71030000 188416 C:\Windows\System32\shdocvw.dll 6.1.7600.16385 (win7_rtm.090713-1255) Shell Doc Object and Control Library
LINKINFO.dll 71020000 36864 C:\Windows\system32\LINKINFO.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Volume Tracking
msutb.dll 70ff0000 180224 C:\Windows\system32\msutb.dll 6.1.7600.16385 (win7_rtm.090713-1255) MSUTB Server DLL
USERENV.dll 750f0000 94208 C:\Windows\system32\USERENV.dll 6.1.7600.16385 (win7_rtm.090713-1255) Userenv
SAMLIB.dll 74910000 73728 C:\Windows\system32\SAMLIB.dll 6.1.7600.16385 (win7_rtm.090713-1255) SAM Library DLL
samcli.dll 74150000 61440 C:\Windows\system32\samcli.dll 6.1.7600.16385 (win7_rtm.090713-1255) Security Accounts Manager Client DLL
netutils.dll 74170000 36864 C:\Windows\system32\netutils.dll 6.1.7600.16385 (win7_rtm.090713-1255) Net Win32 API Helpers DLL
msls31.dll 70f20000 172032 C:\Windows\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
tiptsf.dll 70ec0000 360448 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 6.1.7600.16385 (win7_rtm.090713-1255) Tablet PC Input Panel Text Services Framework
authui.dll 74bf0000 1798144 C:\Windows\system32\authui.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Authentication UI
CRYPTUI.dll 74af0000 1015808 C:\Windows\system32\CRYPTUI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Trust UI Provider
CRYPT32.dll 75bd0000 1163264 C:\Windows\system32\CRYPT32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Crypto API32
MSASN1.dll 75b00000 49152 C:\Windows\system32\MSASN1.dll 6.1.7600.16415 (win7_gdr.090828-1615) ASN.1 Runtime APIs
urlmon.dll 75d90000 1265664 C:\Windows\system32\urlmon.dll 8.00.7600.16385 (win7_rtm.090713-1255) OLE32 Extensions for Win32
iertutil.dll 773f0000 2068480 C:\Windows\system32\iertutil.dll 8.00.7600.16671 (win7_gdr.100907-1501) Run time utility for Internet Explorer
gameux.dll 70c40000 2588672 C:\Windows\System32\gameux.dll 6.1.7600.16385 (win7_rtm.090713-1255) Games Explorer
XmlLite.dll 74460000 192512 C:\Windows\System32\XmlLite.dll 1.3.1000.0 Microsoft XmlLite Library
wer.dll 70be0000 393216 C:\Windows\System32\wer.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Error Reporting DLL
stobject.dll 6fb20000 233472 C:\Windows\system32\stobject.dll 6.1.7600.16385 (win7_rtm.090713-1255) Systray shell service object
BatMeter.dll 6fa60000 749568 C:\Windows\system32\BatMeter.dll 6.1.7600.16385 (win7_rtm.090713-1255) Battery Meter Helper DLL
WINSTA.dll 75a50000 167936 C:\Windows\system32\WINSTA.dll 6.1.7600.16385 (win7_rtm.090713-1255) Winstation Library
WTSAPI32.dll 74290000 53248 C:\Windows\system32\WTSAPI32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Remote Desktop Session Host Server SDK APIs
WINTRUST.dll 75b10000 184320 C:\Windows\system32\WINTRUST.dll 6.1.7600.16493 (win7_gdr.091228-1501) Microsoft Trust Verification APIs
es.dll 73990000 290816 C:\Windows\system32\es.dll 2001.12.8530.16385 (win7_rtm.090713-1255) COM+
prnfldr.dll 6e270000 409600 C:\Windows\system32\prnfldr.dll 6.1.7600.16385 (win7_rtm.090713-1255) prnfldr dll
WINSPOOL.DRV 70ae0000 331776 C:\Windows\system32\WINSPOOL.DRV 6.1.7600.16385 (win7_rtm.090713-1255) Windows Spooler Driver
dxp.dll 6e200000 409600 C:\Windows\system32\dxp.dll 6.1.7600.16385 (win7_rtm.090713-1255) Device Stage Shell Extension
Syncreg.dll 6d490000 65536 C:\Windows\system32\Syncreg.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Synchronization Framework Registration
ehSSO.dll 6d480000 32768 C:\Windows\ehome\ehSSO.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Media Center Shell Service Object
netshell.dll 6d210000 2510848 C:\Windows\System32\netshell.dll 6.1.7600.16385 (win7_rtm.090713-1255) Network Connections Shell
IPHLPAPI.DLL 738e0000 114688 C:\Windows\System32\IPHLPAPI.DLL 6.1.7600.16385 (win7_rtm.090713-1255) IP Helper API
NSI.dll 76110000 24576 C:\Windows\system32\NSI.dll 6.1.7600.16385 (win7_rtm.090713-1255) NSI User-mode interface DLL
WINNSI.DLL 738d0000 28672 C:\Windows\System32\WINNSI.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Network Store Information RPC interface
nlaapi.dll 74450000 65536 C:\Windows\System32\nlaapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Network Location Awareness 2
wpdshserviceobj.dll 6d1f0000 118784 C:\Windows\system32\wpdshserviceobj.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Portable Device Shell Service Object
PortableDeviceTypes.dll 6d1c0000 176128 C:\Windows\system32\PortableDeviceTypes.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 6d130000 561152 C:\Windows\system32\PortableDeviceApi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Portable Device API Components
srchadmin.dll 6d050000 315392 C:\Windows\System32\srchadmin.dll 7.00.7600.16385 (win7_rtm.090713-1255) Indexing Options
Actioncenter.dll 6cf80000 761856 C:\Windows\System32\Actioncenter.dll 6.1.7600.16385 (win7_rtm.090713-1255) Action Center
wevtapi.dll 756b0000 270336 C:\Windows\System32\wevtapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Eventing Consumption and Configuration API
AUDIOSES.DLL 73e50000 221184 C:\Windows\system32\AUDIOSES.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Audio Session
AltTab.dll 6cf70000 57344 C:\Windows\System32\AltTab.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Shell Alt Tab
pnidui.dll 6cdc0000 1761280 C:\Windows\System32\pnidui.dll 6.1.7600.16385 (win7_rtm.090713-1255) Network System Icon
QUtil.dll 6cda0000 94208 C:\Windows\System32\QUtil.dll 6.1.7600.16385 (win7_rtm.090713-1255) Quarantine Utilities
bthprops.cpl 6ccf0000 720896 C:\Windows\System32\bthprops.cpl 6.1.7600.16385 (win7_rtm.090713-1255) Bluetooth Control Panel Applet
ieframe.dll 6e9e0000 11005952 C:\Windows\System32\ieframe.dll 8.00.7600.16385 (win7_rtm.090713-1255) Internet Browser
PSAPI.DLL 771f0000 20480 C:\Windows\system32\PSAPI.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Process Status Helper
OLEACC.dll 73f20000 245760 C:\Windows\System32\OLEACC.dll 7.0.0.0 (win7_rtm.090713-1255) Active Accessibility Core Component
dhcpcsvc6.DLL 73720000 53248 C:\Windows\system32\dhcpcsvc6.DLL 6.1.7600.16385 (win7_rtm.090713-1255) DHCPv6 Client
WS2_32.dll 761f0000 217088 C:\Windows\system32\WS2_32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Socket 2.0 32-Bit DLL
dhcpcsvc.DLL 734f0000 73728 C:\Windows\system32\dhcpcsvc.DLL 6.1.7600.16385 (win7_rtm.090713-1255) DHCP Client Service
fxsst.dll 6cc10000 860160 C:\Windows\system32\fxsst.dll 6.1.7600.16385 (win7_rtm.090713-1255) Fax Service
FXSAPI.dll 6cbd0000 237568 C:\Windows\system32\FXSAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Fax API Support DLL
FXSRESM.DLL 6cac0000 929792 C:\Windows\system32\FXSRESM.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Fax Resource DLL
VERSION.dll 74f90000 36864 C:\Windows\system32\VERSION.dll 6.1.7600.16385 (win7_rtm.090713-1255) Version Checking and File Installation Libraries
msiltcfg.dll 6ad60000 28672 C:\Windows\system32\msiltcfg.dll 5.0.7600.16385 (win7_rtm.090713-1255) Windows Installer Configuration API Stub
msi.dll 70620000 2359296 C:\Windows\system32\msi.dll 5.0.7600.16385 Windows Installer
SyncCenter.dll 6a2d0000 2154496 C:\Windows\System32\SyncCenter.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Sync Center
WINMM.dll 73fe0000 204800 C:\Windows\system32\WINMM.dll 6.1.7600.16385 (win7_rtm.090713-1255) MCI API DLL
wdmaud.drv 720d0000 196608 C:\Windows\system32\wdmaud.drv 6.1.7600.16385 (win7_rtm.090713-1255) Winmm audio system driver
ksuser.dll 720c0000 16384 C:\Windows\system32\ksuser.dll 6.1.7600.16385 (win7_rtm.090713-1255) User CSA Library
AVRT.dll 747c0000 28672 C:\Windows\system32\AVRT.dll 6.1.7600.16385 (win7_rtm.090713-1255) Multimedia Realtime Runtime
msacm32.drv 720a0000 32768 C:\Windows\system32\msacm32.drv 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Sound Mapper
MSACM32.dll 69d00000 81920 C:\Windows\system32\MSACM32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft ACM Audio Filter
midimap.dll 72090000 28672 C:\Windows\system32\midimap.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft MIDI Mapper
msohevi.dll 670a0000 65536 C:\Program Files\Microsoft Office\Office12\msohevi.dll 12.0.6413.1000 2007 Microsoft Office component
MSVCR80.dll 6f890000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll 8.00.50727.4927 Microsoft® C Runtime Library
npmproxy.dll 67060000 32768 C:\Windows\System32\npmproxy.dll 6.1.7600.16385 (win7_rtm.090713-1255) Network List Manager Proxy
mssprxy.dll 64e50000 49152 C:\Windows\system32\mssprxy.dll 7.00.7600.16385 (win7_rtm.090713-1255) Microsoft Search Proxy
MsftEdit.dll 6ab50000 606208 C:\Windows\system32\MsftEdit.dll 5.41.21.2509 Rich Text Edit Control, v4.1
UIAnimation.dll 70fc0000 110592 C:\Windows\System32\UIAnimation.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Animation Manager
Wlanapi.dll 66080000 90112 C:\Windows\system32\Wlanapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows WLAN AutoConfig Client Side API DLL
wlanutil.dll 73470000 24576 C:\Windows\system32\wlanutil.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Wireless LAN 802.11 Utility DLL
wwanapi.dll 70f70000 294912 C:\Windows\system32\wwanapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Mbnapi
wwapi.dll 70f60000 40960 C:\Windows\system32\wwapi.dll 08.01.02.00 (win7_rtm.090713-1255) WWAN API
QAgent.dll 70ab0000 188416 C:\Windows\System32\QAgent.dll 6.1.7600.16385 (win7_rtm.090713-1255) Quarantine Agent Proxy
imapi2.dll 6aae0000 409600 C:\Windows\system32\imapi2.dll 6.1.7600.16385 (win7_rtm.090713-1255) Image Mastering API v2
hgcpl.dll 70a50000 323584 C:\Windows\System32\hgcpl.dll 6.1.7600.16385 (win7_rtm.090713-1255) HomeGroup Control Panel
provsvc.dll 6aab0000 176128 C:\Windows\System32\provsvc.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows HomeGroup
SXS.DLL 759f0000 389120 C:\Windows\system32\SXS.DLL 6.1.7600.16385 (win7_rtm.090713-1255) Fusion 2.5
wkscli.dll 74160000 61440 C:\Windows\system32\wkscli.dll 6.1.7600.16385 (win7_rtm.090713-1255) Workstation Service Client DLL
wscinterop.dll 6a920000 106496 C:\Windows\System32\wscinterop.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Health Center WSC Interop
WSCAPI.dll 719f0000 61440 C:\Windows\System32\WSCAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Security Center API
wscui.cpl 65d00000 1155072 C:\Windows\System32\wscui.cpl 6.1.7600.16385 (win7_rtm.090713-1255) Action Center
werconcpl.dll 64c40000 1073152 C:\Windows\System32\werconcpl.dll 6.1.7600.16385 (win7_rtm.090713-1255) PRS CPL
framedynos.dll 66300000 217088 C:\Windows\System32\framedynos.dll 6.1.7600.16385 (win7_rtm.090713-1255) WMI SDK Provider Framework
wercplsupport.dll 65cc0000 73728 C:\Windows\System32\wercplsupport.dll 6.1.7600.16385 (win7_rtm.090713-1255) Problem Reports and Solutions
msxml6.dll 732e0000 1404928 C:\Windows\System32\msxml6.dll 6.30.7600.16385 MSXML 6.0 SP3
WININET.dll 77200000 999424 C:\Windows\system32\WININET.dll 8.00.7600.16385 (win7_rtm.090713-1255) Internet Extensions for Win32
Normaliz.dll 77a90000 12288 C:\Windows\system32\Normaliz.dll 6.1.7600.16385 (win7_rtm.090713-1255) Unicode Normalization DLL
dnsapi.DLL 75390000 278528 C:\Windows\system32\dnsapi.DLL 6.1.7600.16385 (win7_rtm.090713-1255) DNS Client API DLL
hcproviders.dll 65c80000 36864 C:\Windows\System32\hcproviders.dll 6.1.7600.16385 (win7_rtm.090713-1255) Action Center Providers
ieproxy.dll 65c50000 176128 C:\Program Files\Internet Explorer\ieproxy.dll 8.00.7600.16671 (win7_gdr.100907-1501) IE ActiveX Interface Marshaling Library
DEVRTL.dll 75290000 57344 C:\Windows\system32\DEVRTL.dll 6.1.7600.16385 (win7_rtm.090713-1255) Device Management Run Time Library
MPR.dll 718b0000 73728 C:\Windows\system32\MPR.dll 6.1.7600.16385 (win7_rtm.090713-1255) Multiple Provider Router DLL
drprov.dll 74db0000 32768 C:\Windows\System32\drprov.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Remote Desktop Session Host Server Network Provider
ntlanman.dll 6c9e0000 81920 C:\Windows\System32\ntlanman.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft® Lan Manager
davclnt.dll 6aa90000 90112 C:\Windows\System32\davclnt.dll 6.1.7600.16385 (win7_rtm.090713-1255) Web DAV Client DLL
DAVHLPR.dll 70aa0000 32768 C:\Windows\System32\DAVHLPR.dll 6.1.7600.16385 (win7_rtm.090713-1255) DAV Helper DLL
MLANG.dll 66450000 188416 C:\Windows\system32\MLANG.dll 6.1.7600.16385 (win7_rtm.090713-1255) Multi Language Support DLL
NetworkExplorer.dll 64aa0000 1671168 C:\Windows\system32\NetworkExplorer.dll 6.1.7600.16385 (win7_rtm.090713-1255) Network Explorer
StructuredQuery.dll 72030000 376832 C:\Windows\System32\StructuredQuery.dll 7.00.7600.16587 (win7_gdr.100504-1502) Structured Query
SearchFolder.dll 64f70000 651264 C:\Windows\system32\SearchFolder.dll 6.1.7600.16385 (win7_rtm.090713-1255) SearchFolder
van.dll 73110000 651264 C:\Windows\system32\van.dll 6.1.7600.16385 (win7_rtm.090713-1255) View Available Networks
RasMM.dll 6a5f0000 864256 C:\Windows\system32\RasMM.dll 6.1.7600.16385 (win7_rtm.090713-1255) RAS Media Manager
RASAPI32.dll 74050000 335872 C:\Windows\system32\RASAPI32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Remote Access API
rasman.dll 74030000 86016 C:\Windows\system32\rasman.dll 6.1.7600.16385 (win7_rtm.090713-1255) Remote Access Connection Manager
WWanMM.dll 69d50000 684032 C:\Windows\system32\WWanMM.dll 08.01.02.00 (win7_rtm.090713-1255) WWan Media Manager
WlanMM.dll 68ad0000 757760 C:\Windows\system32\WlanMM.dll 6.1.7600.16385 (win7_rtm.090713-1255) Dot11 Media and AdHoc Managers
wlanhlp.dll 73f00000 94208 C:\Windows\system32\wlanhlp.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Wireless LAN 802.11 Client Side Helper API
OneX.DLL 73530000 212992 C:\Windows\system32\OneX.DLL 6.1.7600.16385 (win7_rtm.090713-1255) IEEE 802.1X supplicant library
eappprxy.dll 73510000 69632 C:\Windows\system32\eappprxy.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft EAPHost Peer Client DLL
eappcfg.dll 734c0000 192512 C:\Windows\system32\eappcfg.dll 6.1.7600.16385 (win7_rtm.090713-1255) Eap Peer Config
bcrypt.dll 75620000 94208 C:\Windows\system32\bcrypt.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Cryptographic Primitives Library
bcryptprimitives.dll 751f0000 249856 C:\Windows\system32\bcryptprimitives.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Cryptographic Primitives Library
zipfldr.dll 72f30000 335872 C:\Windows\system32\zipfldr.dll 6.1.7600.16385 (win7_rtm.090713-1255) Compressed (zipped) Folders
thumbcache.dll 730f0000 90112 C:\Windows\system32\thumbcache.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Thumbnail Cache
wpdshext.dll 6f460000 2326528 C:\Windows\system32\wpdshext.dll 6.1.7600.16385 (win7_rtm.090713-1255) Portable Devices Shell Extension
audiodev.dll 71ff0000 258048 C:\Windows\system32\audiodev.dll 6.1.7600.16385 (win7_rtm.090713-1255) Portable Media Devices Shell Extension
WMVCore.DLL 62430000 2519040 C:\Windows\system32\WMVCore.DLL 12.0.7600.16385 (win7_rtm.090713-1255) Windows Media Playback/Authoring DLL
WMASF.DLL 6ac10000 249856 C:\Windows\system32\WMASF.DLL 12.0.7600.16385 (win7_rtm.090713-1255) Windows Media ASF DLL
EhStorAPI.dll 72f90000 139264 C:\Windows\system32\EhStorAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows Enhanced Storage API




******************************************
EOF

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
Excellent.

Have you attempted to run Windows in Safe Mode and have gotten this error?

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
hi

i didn't get this error when i ran windows in safe mode..

descriptionRunDLL error after removing thinkpoint EmptyRe: RunDLL error after removing thinkpoint

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum