Programs won't start :(

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Programs won't start :(21st November 2012, 2:37 am

OTL logfile created on: 11/20/2012 8:53:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 774.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 8.34 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 3.26 Gb Free Space | 43.55% Space Free | Partition Type: FAT32

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
PRC - [2010/02/19 16:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe

========== Modules (SafeList) ==========

MOD - [2012/11/07 18:37:34 | 000,301,264 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\guard32.dll
MOD - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/11/15 09:21:16 | 001,868,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/11/07 18:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/10/13 13:00:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/07 13:20:05 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/07 13:16:48 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2012/01/19 00:07:12 | 000,313,216 | ---- | M] (SonicWALL Inc.) [Auto | Stopped] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/02/19 16:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)

========== Driver Services (SafeList) ==========

DRV - [2012/11/07 18:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/07 18:38:13 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/10/07 13:23:23 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Stopped] -- C:\WINDOWS2\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/07 13:18:35 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Stopped] -- C:\WINDOWS2\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/07 13:17:27 | 000,044,992 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS2\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/07 13:16:50 | 000,208,320 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/04/18 21:52:10 | 000,044,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - [2011/07/28 05:26:56 | 000,021,888 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\NxDrv.sys -- (NxDrv)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/10/11 00:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/16 21:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 21:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 21:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 15:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 15:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 15:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/08 00:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 17:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 03:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/18 14:17:40 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006/08/11 11:35:20 | 000,013,688 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2006/08/11 11:35:18 | 000,030,744 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS2\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS2\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2011/04/18 23:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/14 14:34:49 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS2\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS2\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [X-Lite] C:\Program Files\CounterPath\X-Lite\X-Lite.exe (CounterPath)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1333902171578 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://fw.rpgny.com:4433/SWTSC.cab (SWTSC Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS2\system32\guard32.dll) - C:\WINDOWS2\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 17:56:48 | 000,588,800 | R--- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 17:56:48 | 000,188,711 | R--- | M] () - C:\AUTOCONV.EX_ -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 07:00:00 | 000,029,413 | R--- | M] () - C:\AUTODISC.DL_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | R--- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 07:00:00 | 000,000,860 | R--- | M] () - C:\AUTOEXEC.NT_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 17:56:48 | 000,580,608 | R--- | M] (Microsoft Corporation) - C:\AUTOFMT.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 17:56:48 | 000,005,630 | R--- | M] () - C:\AUTOLFN.EX_ -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Reg Error: Value error.
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS2\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS2\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS2\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS2\system32\rundll32.exe" "C:\WINDOWS2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS2\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS2\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS2\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS2\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS2\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 20:03:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
[2012/10/30 09:00:38 | 000,000,000 | ---D | C] -- C:\2008.Fallout_3-_The_Unofficial_Soundtrack
[2012/10/30 08:57:06 | 000,000,000 | ---D | C] -- C:\XX, The
[2012/10/30 08:56:12 | 000,000,000 | ---D | C] -- C:\Muse - Black Holes And Revelations [2006][CD+Vid+Cov]
[2012/10/30 08:35:21 | 000,059,520 | ---- | C] (Tracker Software Products (Canada) Ltd.) -- C:\WINDOWS2\System32\pxc50pm.dll
[2012/10/30 08:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012/10/30 08:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/30 08:33:57 | 000,943,016 | ---- | C] (M-Files Corporation) -- C:\WINDOWS2\MFRes33D469B7-CFB7-41fc-A94A-A83BEBE59D46.dll
[2012/10/29 16:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\CounterPath Corporation
[2012/10/29 16:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\CounterPath
[2012/10/29 16:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\CounterPath X-Lite
[2012/10/29 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Outlook Security Manager
[2012/10/29 16:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath
[2012/10/29 10:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/10/29 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\SonicWALL SSL-VPN NetExtender
[2012/10/29 09:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[1 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\*.tmp files -> C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/20 19:53:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS2\bootstat.dat
[2012/11/20 19:45:03 | 001,474,832 | ---- | M] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/11/20 19:43:27 | 000,028,029 | ---- | M] () -- C:\WINDOWS2\System32\nvModes.001
[2012/11/20 19:43:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 19:43:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS2\tasks\WGASetup.job
[2012/11/20 19:42:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2012/11/18 21:56:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 09:44:40 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Microsoft Office Word 2003 (2).lnk
[2012/11/18 09:35:25 | 000,169,472 | ---- | M] () -- C:\WINDOWS2\System32\nvapps.xml
[2012/11/17 15:14:04 | 000,001,016 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1417001333-1644491937-1003UA.job
[2012/11/17 09:10:10 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/17 09:01:00 | 000,000,832 | ---- | M] () -- C:\WINDOWS2\tasks\Adobe Flash Player Updater.job
[2012/11/17 00:14:29 | 000,000,964 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1417001333-1644491937-1003Core.job
[2012/11/16 19:46:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2012/11/16 01:01:18 | 000,471,416 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2012/11/16 01:01:18 | 000,075,876 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2012/11/16 00:48:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS2\imsins.BAK
[2012/11/14 22:18:52 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Google Chrome.lnk
[2012/11/14 22:18:52 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/07 18:38:17 | 000,099,080 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\drivers\inspect.sys
[2012/11/07 18:38:16 | 000,032,640 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\drivers\cmdhlp.sys
[2012/11/07 18:38:14 | 000,497,952 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\drivers\cmdGuard.sys
[2012/11/07 18:38:13 | 000,018,096 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\drivers\cmderd.sys
[2012/11/07 18:37:35 | 000,034,024 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\cmdcsr.dll

Re: Programs won't start :(21st November 2012, 2:39 am

[2012/11/07 18:37:34 | 000,301,264 | ---- | M] (COMODO) -- C:\WINDOWS2\System32\guard32.dll
[2012/10/31 15:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS2\tasks\AppleSoftwareUpdate.job
[2012/10/31 09:03:18 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Work PC.RDP
[2012/10/29 16:13:01 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\X-Lite.lnk
[2012/10/29 10:42:10 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\My Documents\Default.rdp
[2012/10/29 09:23:42 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\SonicWALL SSL-VPN NetExtender.lnk
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\System32\win32k.sys
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\win32k.sys
[1 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\*.tmp files -> C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 16:13:00 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\X-Lite.lnk
[2012/10/29 10:42:42 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Work PC.RDP
[2012/10/29 10:42:10 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\My Documents\Default.rdp
[2012/10/29 09:23:42 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\SonicWALL SSL-VPN NetExtender.lnk
[2012/04/22 22:03:26 | 000,044,992 | ---- | C] () -- C:\WINDOWS2\System32\drivers\oahlp32.sys
[2012/04/22 22:03:25 | 000,208,320 | ---- | C] () -- C:\WINDOWS2\System32\drivers\OADriver.sys
[2012/04/21 11:27:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS2\System32\iacenc.dll
[2012/04/08 20:34:16 | 001,474,832 | ---- | C] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/03/29 00:16:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2011/09/11 22:00:43 | 000,056,640 | ---- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
[2011/08/03 19:30:33 | 000,645,632 | ---- | C] () -- C:\WINDOWS2\System32\xvidcore.dll
[2011/08/03 19:30:33 | 000,240,640 | ---- | C] () -- C:\WINDOWS2\System32\xvidvfw.dll
[2010/10/17 00:05:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS2\System32\drivers\SBKUPNT.SYS
[2010/10/17 00:05:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS2\System32\DEVLOAD.EXE
[2010/10/17 00:05:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS2\SWISV3.INI
[2010/10/17 00:05:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS2\SKNIFE.INI
[2010/10/17 00:04:45 | 000,002,799 | ---- | C] () -- C:\WINDOWS2\SKLANG.INI
[2010/10/02 23:07:04 | 000,000,139 | ---- | C] () -- C:\WINDOWS2\wininit.ini
[2010/10/02 22:57:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS2\System32\_psisdecd.dll
[2010/10/02 13:47:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS2\CT4CET.bin
[2010/09/28 18:58:52 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\LUInstall.LiveUpdate
[2010/09/26 18:28:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2010/09/26 09:43:09 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 09:11:30 | 000,028,029 | ---- | C] () -- C:\WINDOWS2\System32\nvModes.dat
[2010/09/26 08:51:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS2\System32\nwiz.exe
[2010/09/26 08:51:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS2\System32\nvwdmcpl.dll
[2010/09/26 08:51:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS2\System32\nvwimg.dll
[2010/09/26 08:51:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS2\System32\nvshell.dll
[2010/09/26 08:51:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS2\System32\nview.dll
[2010/09/26 08:51:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS2\System32\nvdspsch.exe
[2010/09/26 08:51:28 | 000,442,368 | ---- | C] () -- C:\WINDOWS2\System32\nvappbar.exe
[2010/09/26 08:51:26 | 000,425,984 | ---- | C] () -- C:\WINDOWS2\System32\keystone.exe
[2010/09/19 21:47:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS2\bootstat.dat
[2010/09/19 21:20:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2010/09/19 15:30:26 | 000,004,205 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2010/09/19 15:26:57 | 000,269,392 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_samplerate.dll
[2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS2\System32\ffmpegmt.dll
[2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS2\System32\ff_libfaad2.dll
[2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS2\System32\TomsMoComp_ff.dll
[2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS2\System32\ff_kernelDeint.dll
[2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS2\System32\ff_libdts.dll
[2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS2\System32\ff_libmad.dll
[2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS2\System32\libmpeg2_ff.dll
[2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_liba52.dll
[2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS2\System32\ff_tremor.dll
[2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\ff_unrar.dll
[2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS2\System32\mkx.dll
[2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS2\System32\avi.dll
[2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS2\System32\mp4.dll
[2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS2\System32\ogm.dll
[2010/05/19 15:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS2\System32\dsmux.exe
[2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS2\System32\ts.dll
[2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS2\System32\dxr.dll
[2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\avs.dll
[2010/05/19 15:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS2\System32\mkv2vfr.exe
[2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS2\System32\avss.dll
[2010/05/19 15:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS2\System32\gdsmux.exe
[2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS2\System32\mkzlib.dll
[2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS2\System32\mkunicode.dll
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS2\System32\ac3config.exe
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS2\System32\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS2\System32\qt-dx331.dll
[2007/12/20 02:16:30 | 000,016,480 | ---- | C] () -- C:\WINDOWS2\System32\rixdicon.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS2\System32\Registration.ini
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS2\System32\sherlock2.exe
[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS2\System32\dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat
[2004/07/17 04:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS2\System32\_004814_.tmp.dll
[2004/07/17 04:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS2\System32\_004782_.tmp.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS2\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat
[2001/08/23 07:00:00 | 000,471,416 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat
[2001/08/23 07:00:00 | 000,075,876 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --show-icons [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\shell\open\command\\: "C:\Program Files\Comodo\Dragon\dragon.exe" [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --show-icons [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\shell\open\command\\: "C:\Program Files\Comodo\Dragon\dragon.exe" [2012/11/15 09:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/11/07 18:38:13 | 000,018,096 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\drivers\cmderd.sys
[2012/11/07 18:38:14 | 000,497,952 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\drivers\cmdGuard.sys
[2012/11/07 18:38:16 | 000,032,640 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\drivers\cmdhlp.sys
[2012/11/07 18:38:17 | 000,099,080 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\drivers\inspect.sys
[2012/10/07 13:16:50 | 000,208,320 | ---- | M] () -- C:\WINDOWS2\system32\drivers\OADriver.sys
[2012/10/07 13:17:27 | 000,044,992 | ---- | M] () -- C:\WINDOWS2\system32\drivers\oahlp32.sys
[2012/10/07 13:18:35 | 000,027,648 | ---- | M] (Emsisoft) -- C:\WINDOWS2\system32\drivers\OAmon.sys
[2012/10/07 13:23:23 | 000,031,920 | ---- | M] (Emsisoft) -- C:\WINDOWS2\system32\drivers\OAnet.sys

< %systemroot%\System32\config\*.sav >
[2010/09/19 15:25:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS2\system32\config\default.sav
[2010/09/19 15:25:32 | 000,659,456 | ---- | M] () -- C:\WINDOWS2\system32\config\software.sav
[2010/09/19 15:25:32 | 000,913,408 | ---- | M] () -- C:\WINDOWS2\system32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >
[2004/08/03 17:56:48 | 000,588,800 | R--- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\AUTOCHK.EXE
[2004/08/03 17:56:48 | 000,580,608 | R--- | M] (Microsoft Corporation) MD5=DAAA427046A60901A82448F75DEC0BEB -- C:\AUTOFMT.EXE
[2001/08/23 07:00:00 | 000,015,872 | R--- | M] (Microsoft Corporation) MD5=9F06D6991CAB51B1199817A4479A799F -- C:\EXPAND.EXE
[2008/02/26 20:55:18 | 013,905,056 | R--- | M] (AOL LLC.) MD5=E928F35585686962AA7BF146FA970045 -- C:\Install_AIM.exe
[2004/08/03 18:02:46 | 000,329,728 | R--- | M] (Microsoft Corporation) MD5=9E39EDEEC9905E499886F530975A94A1 -- C:\NETSETUP.EXE

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2011/07/10 22:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/01 21:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2011/08/03 20:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/12/26 16:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/12/26 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/12/20 02:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/04/08 12:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/10/30 08:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/11/16 00:12:17 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2004/08/10 14:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/12/20 02:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/16 01:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Convert AVI to MP4
[2012/10/29 16:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\CounterPath
[2007/12/20 02:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2007/12/20 02:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2007/12/20 02:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/03 19:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\dcmsvc
[2007/12/20 03:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/12/20 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2007/12/20 03:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/12/29 09:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2011/08/12 11:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Dev-Cpp
[2007/12/20 02:43:02 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/09/29 02:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/04/23 15:21:50 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/04/26 03:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\eSoftware
[2010/04/02 16:20:03 | 000,000,000 | ---D | M] -- C:\Program Files\GMATPrep
[2010/10/10 19:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/02 22:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2007/12/20 02:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2007/12/20 02:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2008/07/25 21:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2012/09/22 00:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/18 20:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/09/18 20:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/04/22 19:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/14 19:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2012/07/26 04:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/10 16:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2012/04/20 20:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/03 18:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/03/22 18:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/12/29 09:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2007/12/20 03:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2007/12/20 03:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2012/03/01 20:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/26 18:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/18 22:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/10/29 16:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/12/20 02:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2012/04/21 16:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/20 10:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/13 03:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/31 13:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/12/18 23:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 14:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/10 22:08:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/29 08:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/20 02:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/12/20 03:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2012/04/20 20:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/12/20 02:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/03/31 01:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2012/10/30 11:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Online Armor
[2004/08/10 14:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/04/21 16:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/05 21:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\PictureMover
[2012/06/30 09:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/12/29 18:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/13 03:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/12/20 02:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2007/12/20 02:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2012/10/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\SonicWALL
[2010/09/28 20:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/12 19:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/07/10 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/12/20 02:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2012/10/30 08:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Tracker Software
[2007/12/20 02:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/12/23 02:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2012/04/11 23:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\UltimateZip
[2010/09/28 18:55:56 | 000,000,000 | ---D | M] -- C:\Program Files\UltimateZip 2007
[2004/08/10 14:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2012/07/22 15:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2007/12/29 10:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/07/03 19:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Warner Bros. Digital Copy Manager
[2007/12/30 03:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/04/26 03:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2008/02/03 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/06/22 03:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2012/04/20 20:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2012/04/20 20:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 14:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/09/29 02:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2011/08/03 19:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2008/02/03 03:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

Re: Programs won't start :(21st November 2012, 2:40 am

< %appdata%\*.* >
[2010/09/19 15:28:48 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Application Data\desktop.ini

< MD5 for: AFD.SYS >
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS2\system32\dllcache\afd.sys
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS2\system32\drivers\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS2\$NtUninstallKB951748$\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS2\ServicePackFiles\i386\afd.sys
[2008/10/16 10:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS2\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS2\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 04:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/08/14 04:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS2\$NtServicePackUninstall$\afd.sys
[2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
[2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2004/08/03 16:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS2\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 04:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/08/14 04:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS2\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 09:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS2\$NtUninstallKB2592799$\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS2\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS2\$NtUninstallKB2509553$\afd.sys
[2008/06/20 05:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 05:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS2\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS2\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 05:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 05:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS2\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS2\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS2\$NtUninstallKB956803$\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS2\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/08 23:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/08 23:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab:atapi.sys
[2012/04/19 22:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp3.cab:atapi.sys
[2012/04/19 22:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS2\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS2\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS2\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\cmdcons\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\ERDNT\cache\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/04 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\i386\cryptsvc.dll
[2004/08/04 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004/08/03 17:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS2\$NtServicePackUninstall$\cryptsvc.dll
[2004/08/03 17:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS2\ERDNT\cache\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS2\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS2\system32\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\system32\dnsrslvr.dll
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS2\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS2\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS2\system32\dllcache\dnsrslvr.dll
[2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS2\system32\dnsrslvr.dll
[2008/02/20 13:49:36 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=6333C7E182E5B6247500188D28214DEF -- C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
[2004/08/04 06:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\i386\dnsrslvr.dll
[2004/08/04 06:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
[2004/08/03 17:56:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS2\$NtServicePackUninstall$\dnsrslvr.dll
[2008/02/20 00:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=AAC8FFBFD61E784FA3BAC851D4A0BD5F -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/20 12:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS2\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/10/31 17:14:04 | 000,008,728 | ---- | M] () MD5=07C0EEFCED87271FD2844DA8EE8B6042 -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\Locales\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS2\$NtUninstallKB950974$\es.dll
[2008/04/13 19:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS2\ServicePackFiles\i386\es.dll
[2012/08/17 17:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2005/07/25 23:39:45 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=34BBD9ACC1538818F2C878898C64E793 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[2012/10/10 05:05:14 | 000,008,728 | ---- | M] () MD5=543EC1FF66953631A17477AEC9C7A111 -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\Locales\es.dll
[2008/07/07 15:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=60D1A6342238378BFB7545C81EE3606C -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2008/07/07 15:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=60D1A6342238378BFB7545C81EE3606C -- C:\WINDOWS2\$NtServicePackUninstall$\es.dll
[2005/07/25 23:20:28 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=95F5FEA4C6DE2C3F28784D0DCC8F0DD3 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
[2008/07/07 15:06:43 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=A4AB3DCA4A383F0DF4988ABDEB84F9A4 -- C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
[2008/07/07 15:06:43 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=A4AB3DCA4A383F0DF4988ABDEB84F9A4 -- C:\WINDOWS2\$hf_mig$\KB950974\SP2QFE\es.dll
[2004/08/04 06:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\i386\es.dll
[2004/08/04 06:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS\$NtUninstallKB902400$\es.dll
[2004/08/03 17:56:44 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS2\$NtUninstallKB950974_0$\es.dll
[2004/08/03 17:56:44 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS2\ERDNT\cache\es.dll
[2012/10/03 20:14:58 | 000,008,728 | ---- | M] () MD5=CA2C5AA0DAC841157AE8680A48700073 -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\Locales\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS2\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS2\system32\dllcache\es.dll
[2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS2\system32\es.dll
[2012/08/29 21:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2008/07/07 15:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
[2008/07/07 15:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS2\$hf_mig$\KB950974\SP3QFE\es.dll
[2012/09/25 04:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS2\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS2\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 17:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS2\$NtServicePackUninstall$\explorer.exe
[2004/08/03 17:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS2\ERDNT\cache\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/04 06:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\i386\ipnathlp.dll
[2004/08/04 06:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2004/08/03 17:56:44 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS2\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS2\ServicePackFiles\i386\ipnathlp.dll
[2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS2\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS2\ServicePackFiles\i386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS2\system32\drivers\ipsec.sys
[2004/08/04 06:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\i386\ipsec.sys
[2004/08/04 06:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2004/08/03 16:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS2\$NtServicePackUninstall$\ipsec.sys
[2004/08/03 16:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS2\ERDNT\cache\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\i386\netbt.sys
[2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2004/08/03 16:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS2\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS2\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS2\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS2\ServicePackFiles\i386\netman.dll
[2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS2\system32\netman.dll
[2005/08/22 13:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 13:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll
[2004/08/04 06:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\i386\netman.dll
[2004/08/04 06:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtUninstallKB905414$\netman.dll
[2004/08/03 17:56:46 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS2\$NtServicePackUninstall$\netman.dll
[2004/08/03 17:56:46 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS2\ERDNT\cache\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/04 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2004/08/03 17:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS2\$NtServicePackUninstall$\qmgr.dll
[2004/08/03 17:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS2\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS2\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS2\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS2\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/02/09 05:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=01095FEBF33BEEA00C2A0730B9B3EC28 -- C:\WINDOWS2\$NtServicePackUninstall$\rpcss.dll
[2009/02/09 05:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=24B5D53B9ACCC1E2EDCF0A878D6659D4 -- C:\WINDOWS2\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS2\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS2\ServicePackFiles\i386\rpcss.dll
[2004/08/04 06:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\i386\rpcss.dll
[2004/08/04 06:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2004/08/03 17:56:46 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS2\$NtUninstallKB956572_0$\rpcss.dll
[2004/08/03 17:56:46 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS2\ERDNT\cache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS2\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS2\system32\dllcache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS2\system32\rpcss.dll
[2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS2\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/25 23:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/04/28 14:31:11 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=C8061F289E000703E7672916B7FE1571 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/25 23:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 14:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS2\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS2\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS2\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS2\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS2\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS2\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS2\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS2\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2004/08/03 17:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS2\$NtUninstallKB956572_0$\services.exe
[2004/08/03 17:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS2\ERDNT\cache\services.exe

< MD5 for: SR.SYS >
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS2\ServicePackFiles\i386\sr.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS2\system32\drivers\sr.sys
[2004/08/04 06:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\i386\sr.sys
[2004/08/04 06:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys
[2004/08/03 16:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS2\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS2\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS2\system32\srsvc.dll
[2004/08/04 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\i386\srsvc.dll
[2004/08/04 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
[2004/08/03 17:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS2\$NtServicePackUninstall$\srsvc.dll
[2004/08/03 17:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS2\ERDNT\cache\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS2\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS2\system32\svchost.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/03 17:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS2\$NtServicePackUninstall$\svchost.exe
[2004/08/03 17:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS2\ERDNT\cache\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/04/20 06:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 05:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 05:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS2\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 11:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 05:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/06/20 05:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS2\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 12:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS2\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS2\ServicePackFiles\i386\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS2\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS2\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS2\system32\drivers\tcpip.sys
[2004/08/04 06:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys
[2004/08/04 06:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS2\$NtUninstallKB951748_0$\tcpip.sys
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS2\ERDNT\cache\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS2\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS2\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 07:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/03 17:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS2\$NtServicePackUninstall$\userinit.exe
[2004/08/03 17:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS2\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS2\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS2\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS2\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS2\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2004/08/03 16:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS2\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/03 17:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS2\$NtServicePackUninstall$\winlogon.exe
[2004/08/03 17:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS2\ERDNT\cache\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS2\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS2\ServicePackFiles\i386\wmisvc.dll
[2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS2\system32\wbem\wmisvc.dll
[2004/08/04 06:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\i386\wmisvc.dll
[2004/08/04 06:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll
[2004/08/03 17:56:48 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS2\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/04 06:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\i386\wscsvc.dll
[2004/08/04 06:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2004/08/03 17:56:48 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS2\$NtServicePackUninstall$\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS2\ServicePackFiles\i386\wscsvc.dll
[2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS2\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/04 06:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\i386\wuauserv.dll
[2004/08/04 06:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2004/08/03 17:56:48 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS2\$NtServicePackUninstall$\wuauserv.dll
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS2\ServicePackFiles\i386\wuauserv.dll
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS2\system32\wuauserv.dll

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS2\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS2\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS2\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >

Re: Programs won't start :(21st November 2012, 2:40 am

OTL Extras logfile created on: 11/20/2012 8:53:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 774.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 8.34 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 3.26 Gb Free Space | 43.55% Space Free | Partition Type: FAT32

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{426E4F54-EFFE-4C5B-A02A-23CFE8C3C679}" = X-Lite
"{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1" = PDF-XChange 2012
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Any Video Converter_is1" = Any Video Converter 3.2.5
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Comodo Dragon" = Comodo Dragon
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineArmor_is1" = Online Armor 5.5
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"UltimateZip 6.0_is1" = UltimateZip 6.0
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"wxdevcpp" = wxDev-C++ Web-based Installer
"XP Codec Pack" = XP Codec Pack
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2012 12:18:49 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 10/31/2012 9:00:23 AM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 10/31/2012 11:57:08 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/2/2012 7:57:49 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/4/2012 3:02:54 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/5/2012 8:37:02 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/7/2012 9:19:05 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/14/2012 10:56:18 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/16/2012 1:11:46 AM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 11/16/2012 8:51:47 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 11/20/2012 8:54:58 PM | Computer Name = ANTONIO-LAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/20/2012 8:54:58 PM | Computer Name = ANTONIO-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV cmdGuard Fips intelppm IPSec MRxSmb NetBIOS NetBT OADevice oahlpXX OAmon OAnet RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error - 11/20/2012 8:55:50 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/20/2012 9:03:18 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/20/2012 9:04:31 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/20/2012 9:05:30 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/20/2012 9:12:39 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/20/2012 9:49:16 PM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/20/2012 9:55:01 PM | Computer Name = ANTONIO-LAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/20/2012 9:55:01 PM | Computer Name = ANTONIO-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

< End of report >

Re: Programs won't start :(21st November 2012, 2:42 am

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 21:19:13
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Antonio - ANTONIO-LAPTOP
# Boot Mode : Safe mode
# Running from : C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

*************************

AdwCleaner[S1].txt - [1228 octets] - [20/11/2012 21:19:13]

########## EOF - C:\AdwCleaner[S1].txt - [1288 octets] ##########

Re: Programs won't start :(22nd November 2012, 2:51 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
You stated that programs won't start but you managed to run OTL and adwCleaner. What sort of programs won't run?

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Programs won't start :( NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Programs won't start :( NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Programs won't start :( RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Programs won't start :( Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Re: Programs won't start :(22nd November 2012, 6:01 am

ComboFix 12-11-21.01 - Antonio 11/22/2012 0:31.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.674 [GMT -5:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows2\MFRes33D469B7-CFB7-41fc-A94A-A83BEBE59D46.dll
c:\windows2\system32\_004771_.tmp.dll
c:\windows2\system32\_004772_.tmp.dll
c:\windows2\system32\_004773_.tmp.dll
c:\windows2\system32\_004774_.tmp.dll
c:\windows2\system32\_004781_.tmp.dll
c:\windows2\system32\_004782_.tmp.dll
c:\windows2\system32\_004783_.tmp.dll
c:\windows2\system32\_004784_.tmp.dll
c:\windows2\system32\_004786_.tmp.dll
c:\windows2\system32\_004787_.tmp.dll
c:\windows2\system32\_004790_.tmp.dll
c:\windows2\system32\_004791_.tmp.dll
c:\windows2\system32\_004793_.tmp.dll
c:\windows2\system32\_004794_.tmp.dll
c:\windows2\system32\_004795_.tmp.dll
c:\windows2\system32\_004797_.tmp.dll
c:\windows2\system32\_004800_.tmp.dll
c:\windows2\system32\_004801_.tmp.dll
c:\windows2\system32\_004805_.tmp.dll
c:\windows2\system32\_004806_.tmp.dll
c:\windows2\system32\_004808_.tmp.dll
c:\windows2\system32\_004811_.tmp.dll
c:\windows2\system32\_004813_.tmp.dll
c:\windows2\system32\_004814_.tmp.dll
c:\windows2\system32\_004815_.tmp.dll
c:\windows2\system32\_004816_.tmp.dll
c:\windows2\system32\_004817_.tmp.dll
c:\windows2\system32\_004820_.tmp.dll
c:\windows2\system32\_004821_.tmp.dll
c:\windows2\system32\_004822_.tmp.dll
c:\windows2\system32\_004823_.tmp.dll
c:\windows2\system32\_004824_.tmp.dll
c:\windows2\system32\_004829_.tmp.dll
c:\windows2\system32\_004831_.tmp.dll
c:\windows2\system32\_004832_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-10-30 14:00 . 2012-10-30 14:06 -------- d-----w- C:\2008.Fallout_3-_The_Unofficial_Soundtrack
2012-10-30 13:57 . 2012-10-30 13:57 -------- d-----w- C:\XX, The
2012-10-30 13:56 . 2012-10-30 14:06 -------- d-----w- C:\Muse - Black Holes And Revelations [2006][CD+Vid+Cov]
2012-10-30 13:35 . 2012-08-14 22:08 59520 ----a-w- c:\windows2\system32\pxc50pm.dll
2012-10-30 13:35 . 2012-10-30 13:35 -------- d-----w- c:\program files\Tracker Software
2012-10-30 13:34 . 2012-10-30 13:34 -------- d-----w- c:\program files\Common Files\Motive
2012-10-29 21:16 . 2012-10-29 21:16 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\CounterPath Corporation
2012-10-29 21:16 . 2012-10-29 21:16 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\CounterPath
2012-10-29 21:12 . 2012-10-29 21:12 -------- d-----w- c:\program files\Common Files\Outlook Security Manager
2012-10-29 21:12 . 2012-10-29 21:12 -------- d-----w- c:\program files\CounterPath
2012-10-29 15:41 . 2012-11-01 04:22 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\LogMeIn Rescue Applet
2012-10-29 14:23 . 2012-10-29 14:23 -------- d-----w- c:\program files\SonicWALL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 23:38 . 2012-03-12 01:13 99080 ----a-w- c:\windows2\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-03-12 01:13 32640 ----a-w- c:\windows2\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2012-03-12 01:13 497952 ----a-w- c:\windows2\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2012-03-12 01:13 18096 ----a-w- c:\windows2\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-12 01:13 34024 ----a-w- c:\windows2\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-03-12 01:13 301264 ----a-w- c:\windows2\system32\guard32.dll
2012-10-22 08:37 . 2012-04-20 03:28 1866368 ----a-w- c:\windows2\system32\win32k.sys
2012-10-13 18:00 . 2012-04-02 02:04 696760 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
2012-10-13 18:00 . 2011-06-03 16:01 73656 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
2012-10-07 18:23 . 2012-04-23 03:03 31920 ----a-w- c:\windows2\system32\drivers\OAnet.sys
2012-10-07 18:18 . 2012-04-23 03:03 27648 ----a-w- c:\windows2\system32\drivers\OAmon.sys
2012-10-07 18:17 . 2012-04-23 03:03 44992 ----a-w- c:\windows2\system32\drivers\oahlp32.sys
2012-10-07 18:16 . 2012-04-23 03:03 208320 ----a-w- c:\windows2\system32\drivers\OADriver.sys
2012-10-02 18:04 . 2004-08-03 22:56 58368 ----a-w- c:\windows2\system32\synceng.dll
2012-08-28 15:14 . 2004-08-03 22:56 916992 ----a-w- c:\windows2\system32\wininet.dll
2012-08-28 15:14 . 2004-08-03 22:56 43520 ----a-w- c:\windows2\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-03 22:56 1469440 ----a-w- c:\windows2\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-03 20:59 385024 ----a-w- c:\windows2\system32\html.iec
2012-08-24 13:53 . 2004-08-03 22:56 177664 ----a-w- c:\windows2\system32\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"X-Lite"="c:\program files\CounterPath\X-Lite\X-Lite.exe" [2012-06-22 5070760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-07 2415104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2012-01-19 1103744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-07 366440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\drivers\cmderd.sys [3/11/2012 8:13 PM 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [3/11/2012 8:13 PM 497952]
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/2/2010 11:07 PM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/2/2010 11:07 PM 30744]
R1 OADevice;OADriver;c:\windows2\system32\drivers\OADriver.sys [4/22/2012 10:03 PM 208320]
R1 OAmon;OAmon;c:\windows2\system32\drivers\OAmon.sys [4/22/2012 10:03 PM 27648]
R1 OAnet;OAnet;c:\windows2\system32\drivers\OAnet.sys [4/22/2012 10:03 PM 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 4:00 PM 148744]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [11/15/2012 9:21 AM 1868432]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/22/2012 10:03 PM 216072]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 12:05 AM 14976]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows2\system32\drivers\NxDrv.sys [7/28/2011 5:26 AM 21888]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/2/2010 11:07 PM 33592]
S1 oahlpXX;Online Armor helper driver;c:\windows2\system32\drivers\oahlp32.sys [4/22/2012 10:03 PM 44992]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\OAsrv.exe [4/22/2012 10:03 PM 4463864]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt\SysProt\SysProtDrv.sys [4/14/2012 2:52 PM 44288]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:00]
.
2012-10-31 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-11-22 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-11-22 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-11-22 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1417001333-1644491937-1003Core.job
- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 00:57]
.
2012-11-22 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1417001333-1644491937-1003UA.job
- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 00:57]
.
2012-11-22 c:\windows2\Tasks\WGASetup.job
- c:\windows2\system32\KB905474\wgasetup.exe [2012-04-14 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://doom9.org/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2071804A-A828-43D8-A35A-D5C9CD092067}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{49BC8CC8-7CF0-4AF7-9A0E-2CE9A812FBEC}: NameServer = 8.26.56.26,156.154.70.22
DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} - hxxps://fw.rpgny.com:4433/SWTSC.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-Svc2dll - c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-22 00:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows2\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows2\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(668)
c:\windows2\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(576)
c:\windows2\system32\cmdcsr.dll
.
Completion time: 2012-11-22 00:44:50
ComboFix-quarantined-files.txt 2012-11-22 05:44
.
Pre-Run: 8,881,053,696 bytes free
Post-Run: 9,151,295,488 bytes free
.
- - End Of File - - 15C9C791D86DC985E07D9EFAF7EAD1E2

Re: Programs won't start :(22nd November 2012, 8:33 pm

P2P - I see you have P2P software installed on your machine. (uTorrent)We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Programs won't start :( AswMBR_Scan

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Programs won't start :( AswMBR_SaveLog

On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
At the bottom of the page
- Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: Programs won't start :(23rd November 2012, 2:31 pm

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Re: Programs won't start :(23rd November 2012, 2:36 pm

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 00:24:26
-----------------------------
00:24:26.671 OS Version: Windows 5.1.2600 Service Pack 3
00:24:26.671 Number of processors: 2 586 0xF0D
00:24:26.671 ComputerName: ANTONIO-LAPTOP UserName: Antonio
00:24:27.375 Initialze error C000010E - driver not loaded
00:24:28.671 write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
00:29:54.671 AVAST engine defs: 12112201
00:31:30.750 Service scanning
00:32:04.437 Modules scanning
00:32:04.500 Disk 0 trace - called modules:
00:32:04.531
00:32:05.531 AVAST engine scan C:\WINDOWS2
00:32:30.078 AVAST engine scan C:\WINDOWS2\system32
00:35:50.296 AVAST engine scan C:\WINDOWS2\system32\drivers
00:36:07.500 AVAST engine scan C:\Documents and Settings\Antonio.ANTONIO-LAPTOP
00:44:55.218 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS2
00:45:08.593 Scan finished successfully
00:47:24.515 The log file has been saved successfully to "E:\aswMBR\aswMBR_11.22.2012.txt"

Re: Programs won't start :(23rd November 2012, 2:42 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\smss.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\csrss.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\winlogon.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\services.exe
PID: 656
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\lsass.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PID: 848
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PID: 952
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 980
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\Program Files\Online Armor\oacat.exe
PID: 1308
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\explorer.exe
PID: 1544
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\spoolsv.exe
PID: 1868
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 1084
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SASCore.exe
PID: 1284
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 1520
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1756
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\Dragon\dragon_updater.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1968
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 1748
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\nvsvc32.exe
PID: 1456
Hidden: No
Window Visible: No

Name: C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
PID: 388
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 2020
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\wuauclt.exe
PID: 2264
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\alg.exe
PID: 3148
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PID: 2568
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\wscntfy.exe
PID: 4012
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt.exe
PID: 2648
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B9E30000
Module End: B9E3B000
Hidden: No

Module Name: \WINDOWS2\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E5000
Hidden: No

Module Name: \WINDOWS2\system32\hal.dll
Service Name: ---
Module Base: 806E5000
Module End: 80705D00
Hidden: No

Module Name: \WINDOWS2\system32\KDCOM.DLL
Service Name: ---
Module Base: F7AC4000
Module End: F7AC6000
Hidden: No

Module Name: \WINDOWS2\system32\BOOTVID.dll
Service Name: ---
Module Base: F79D4000
Module End: F79D7000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7495000
Module End: F74C3000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7AC6000
Module End: F7AC8000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7484000
Module End: F7495000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F75C4000
Module End: F75CE000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F75D4000
Module End: F75E4000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F75E4000
Module End: F75F2000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F79D8000
Module End: F79DB000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F79DC000
Module End: F79E0000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B8C000
Module End: F7B8D000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7844000
Module End: F784B000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F75F4000
Module End: F75FF000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7465000
Module End: F7484000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7AC8000
Module End: F7ACA000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F743F000
Module End: F7465000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F784C000
Module End: F7851000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7604000
Module End: F7611000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7427000
Module End: F743F000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\disk.sys
Service Name: ---
Module Base: F7614000
Module End: F761D000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7624000
Module End: F7631000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7407000
Module End: F7427000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\sr.sys
Service Name: sr
Module Base: F73F5000
Module End: F7407000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F73DE000
Module End: F73F5000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7351000
Module End: F73DE000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7324000
Module End: F7351000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F730A000
Module End: F7324000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7824000
Module End: F782D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F609E000
Module End: F66F8000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F608A000
Module End: F609E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7914000
Module End: F791A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6066000
Module End: F608A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F791C000
Module End: F7924000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F603E000
Module End: F6066000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\NETw4x32.sys
Service Name: NETw4x32
Module Base: F5E22000
Module End: F603E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: F7834000
Module End: F7844000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F6788000
Module End: F6798000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: F5E0E000
Module End: F5E22000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: F6778000
Module End: F6786000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: F5DFA000
Module End: F5E0E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: F5DA9000
Module End: F5DFA000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F6768000
Module End: F6775000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7924000
Module End: F792A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F792C000
Module End: F7932000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F6758000
Module End: F6763000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F6748000
Module End: F6758000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F6738000
Module End: F6747000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F5D86000
Module End: F5DA9000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F7934000
Module End: F793A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7AB4000
Module End: F7AB8000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F7AB8000
Module End: F7ABB000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BED000
Module End: F7BEE000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F6718000
Module End: F6725000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7ABC000
Module End: F7ABF000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F5D6F000
Module End: F5D86000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F6708000
Module End: F6713000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F66F8000
Module End: F6704000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F793C000
Module End: F7941000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7944000
Module End: F7949000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F794C000
Module End: F7951000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F5D3F000
Module End: F5D6F000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7644000
Module End: F764E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\NxDrv.sys
Service Name: NxDrv
Module Base: F72D6000
Module End: F72DA000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7AE6000
Module End: F7AE8000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F5CE1000
Module End: F5D3F000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F72D2000
Module End: F72D6000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7654000
Module End: F765E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7664000
Module End: F7673000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7AEA000
Module End: F7AEC000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: F4B31000
Module End: F4C4F000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\portcls.sys
Service Name: ---
Module Base: F4B0D000
Module End: F4B31000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7674000
Module End: F7683000
Hidden: No

Module Name: \??\C:\WINDOWS2\system32\Drivers\OEM02Afx.sys
Service Name: OEM02Afx
Module Base: F4AEA000
Module End: F4B0D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HSFHWAZL.sys
Service Name: HSFHWAZL
Module Base: F4AB6000
Module End: F4AEA000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HSF_DPV.sys
Service Name: HSF_DPV
Module Base: F49C4000
Module End: F4AB6000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F4911000
Module End: F49C4000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7954000
Module End: F795C000
Hidden: No

Module Name: C:\WINDOWS2\System32\DRIVERS\cmderd.sys
Service Name: cmderd
Module Base: F7A80000
Module End: F7A83000
Hidden: No

Module Name: C:\WINDOWS2\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: F4872000
Module End: F48E9000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F7984000
Module End: F798C000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7AF6000
Module End: F7AF8000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7BC4000
Module End: F7BC5000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7AF8000
Module End: F7AFA000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\DLARTL_M.SYS
Service Name: DLARTL_M
Module Base: F7994000
Module End: F799A000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\DLADiagM.SYS
Service Name: DLADiagM
Module Base: F7AFA000
Module End: F7AFC000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\DLAPMonM.SYS
Service Name: DLAPMonM
Module Base: F799C000
Module End: F79A2000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F79AC000
Module End: F79B2000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7AFC000
Module End: F7AFE000
Hidden: No

Module Name: C:\WINDOWS2\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7AFE000
Module End: F7B00000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F79B4000
Module End: F79B9000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F79BC000
Module End: F79C4000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7A94000
Module End: F7A97000
Hidden: No

Module Name: \??\C:\WINDOWS2\system32\drivers\OAnet.sys
Service Name: OAnet
Module Base: F79C4000
Module End: F79CA000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F483F000
Module End: F4852000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F7684000
Module End: F768D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F47E6000
Module End: F483F000
Hidden: No

Module Name: \??\C:\WINDOWS2\system32\drivers\OAmon.sys
Service Name: OAmon
Module Base: F7694000
Module End: F769D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F76A4000
Module End: F76AD000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F47C0000
Module End: F47E6000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F4798000
Module End: F47C0000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F76B4000
Module End: F76C3000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: F5CD9000
Module End: F5CDC000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\afd.sys
Service Name: AFD
Module Base: F474E000
Module End: F4770000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F76C4000
Module End: F76CD000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: F472C000
Module End: F474E000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F79CC000
Module End: F79D2000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F4701000
Module End: F472C000
Hidden: No

Module Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys
Service Name: OADevice
Module Base: F46D0000
Module End: F4701000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F4660000
Module End: F46D0000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F76E4000
Module End: F76EF000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F5CC9000
Module End: F5CCC000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F76F4000
Module End: F76FD000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F785C000
Module End: F7863000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\OEM02Dev.sys
Service Name: OEM02Dev
Module Base: F4586000
Module End: F45C0000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\OEM02Vfx.sys
Service Name: OEM02Vfx
Module Base: F7B00000
Module End: F7B02000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F5CC5000
Module End: F5CC8000
Hidden: No

Module Name: C:\WINDOWS2\SYSTEM32\DRIVERS\APPDRV.SYS
Service Name: APPDRV
Module Base: F5CC1000
Module End: F5CC5000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7734000
Module End: F7744000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F456E000
Module End: F4586000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B0E000
Module End: F7B10000
Hidden: Yes

Module Name: C:\WINDOWS2\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F4C4F000
Module End: F4C52000
Hidden: No

Module Name: C:\WINDOWS2\System32\watchdog.sys
Service Name: ---
Module Base: F7894000
Module End: F7899000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7CCB000
Module End: F7CCC000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: BA6BC000
Module End: BA6C0000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: BA313000
Module End: BA328000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: BA5F0000
Module End: BA5FF000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: BA1A8000
Module End: BA1D5000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: BA010000
Module End: BA068000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: BA078000
Module End: BA07C000
Hidden: No

Module Name: \??\C:\WINDOWS2\system32\Drivers\SBKUPNT.SYS
Service Name: SBKUPNT
Module Base: BA004000
Module End: BA008000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B9AF7000
Module End: B9B38000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: F487C7E4
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwAllocateVirtualMemory
Address: F46D442C
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwAssignProcessToJobObject
Address: F46D3928
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwConnectPort
Address: F46D264C
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateFile
Address: F46D9316
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateKey
Address: F46DB24A
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreatePort
Address: F46D246A
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateProcess
Address: F46D3EE8
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateProcessEx
Address: F46D0978
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateSection
Address: F46D04F2
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwCreateSymbolicLinkObject
Address: F487EF9E
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: F46D1634
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwDebugActiveProcess
Address: F46D1D22
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwDeleteKey
Address: F487C9D0
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: F487CBE8
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: F46D232C
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwEnumerateKey
Address: F487D82A
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateValueKey
Address: F487DA80
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: F46D3350
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwMakeTemporaryObject
Address: F487C058
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: F46D9694
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwOpenKey
Address: F487D030
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: F46D1308
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwOpenSection
Address: F46D07B4
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwOpenThread
Address: F46D18B0
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwProtectVirtualMemory
Address: F46D36DA
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwQueryKey
Address: F487DC8E
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryMultipleValueKey
Address: F487E0E2
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryValueKey
Address: F487DEA0
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueueApcThread
Address: F46D3A44
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwRenameKey
Address: F487D5B2
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestPort
Address: F46D2CB0
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwRequestWaitReplyPort
Address: F46D3018
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwRestoreKey
Address: F46D910E
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwResumeThread
Address: F46D20CE
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSecureConnectPort
Address: F46D286E
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSetContextThread
Address: F46D1BCC
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSetSecurityObject
Address: F487CE54
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: F46D40E0
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSetValueKey
Address: F487D30A
Driver Base: F4872000
Driver End: F48E9000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: F46D328A
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSuspendProcess
Address: F46D21FE
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSuspendThread
Address: F46D1F7A
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwSystemDebugControl
Address: F46D1E40
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwTerminateProcess
Address: F46D1472
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwTerminateThread
Address: F46D1A66
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwUnloadDriver
Address: F46D3518
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

Function Name: ZwWriteVirtualMemory
Address: F46D3804
Driver Base: F46D0000
Driver End: F4701000
Driver Name: \??\C:\WINDOWS2\system32\drivers\OADriver.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5AB073CC.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\6F0385AD.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Re: Programs won't start :(23rd November 2012, 7:54 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

****************************************************
How's your computer running now?

Re: Programs won't start :(24th November 2012, 5:31 am

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Antonio [Admin rights]
Mode : Scan -- Date : 11/24/2012 00:07:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][NOTFOUND] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{2071804A-A828-43D8-A35A-D5C9CD092067} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{49BC8CC8-7CF0-4AF7-9A0E-2CE9A812FBEC} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS2\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542512K9SA00 +++++
--- User ---
[MBR] 52b79984ec4d8201feb2288e7b144849
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 108509 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 222387795 | Size: 2557 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 227624985 | Size: 3325 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11242012_02d0007.txt >>
RKreport[1]_S_11242012_02d0007.txt

Re: Programs won't start :(24th November 2012, 5:35 am

Thanks for all the help, but it appears that none of my programs (except comodo and online armor) are able to start up. I've been doing everything in safe mode for that reason. Internet in safe mode runs smoothly but outside of safe mode is a different story.

I remember using combofix and was able to get on the internet and start up other programs for a short time. Please let me know what steps I should take. Thanks!

Re: Programs won't start :(24th November 2012, 5:37 am

fyi: unable to update java under safe mode

Re: Programs won't start :(24th November 2012, 8:01 pm

I'm sorry. I didn't realize that you could only run in Safe Mode. What happens in Normal Mode? Does the computer boot to Normal?

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 3 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr

Once you've gotten one of them to run then try to immediately run the following.

Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: Programs won't start :(25th November 2012, 3:49 am

exeHelper by Raktor
Build 20100414
Run at 22:45:41 on 11/24/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Programs won't start :(25th November 2012, 3:51 am

rkill just restarted my computer. Is that normal? Thanks.

Re: Programs won't start :(25th November 2012, 7:10 pm

furyofdawolfx wrote:

rkill just restarted my computer. Is that normal? Thanks.

Yes. Can you now run the programs?

Re: Programs won't start :(25th November 2012, 9:04 pm

Nope not yet. Only safe mode works Sad tearing

Re: Programs won't start :(26th November 2012, 3:01 am

Any suggestions?

Re: Programs won't start :(26th November 2012, 8:22 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
Accept the License agreement and click on next.
It will, by default, install it to your desktop folder. Click Next.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.
Hidden Startup Objects
System Memory
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Programs won't start :(27th November 2012, 11:53 am

Hello,

Kasperky did not detect any Malware. It's odd but whenever I shutdown Online Armor, everything works (using my laptop right now). Online Armor did not do that before. Would you advice unistalling online armor and then reinstalling it? Is there a better firewall that you recommend? Thanks!!

-A

Re: Programs won't start :(27th November 2012, 8:04 pm

Would you advice unistalling online armor and then reinstalling it? Is there a better firewall that you recommend? Thanks!!

You could try that. If that doesn't solve the problem, here's a list of Firewalls.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
5) ZoneAlarm Firewall

Re: Programs won't start :(29th November 2012, 3:44 am

Hello,

Thanks for all the help. Online Armor seems to be the problem. I tried uninstalling and installing again but same problem occurs. Whenever I shut down Online Armor, everything is fine. I tried downloading the other firewalls above but none of them seem to be compatible with COMODO Antivirus. Perhaps there is another firewall I can try? Or maybe I can unistall COMODO and install another free Antivirus? Thanks!

-A

Re: Programs won't start :(29th November 2012, 7:21 pm

Perhaps there is another firewall I can try? Or maybe I can unistall COMODO and install another free Antivirus?

That would be a good idea. Here's a list of free AV's. I especially like MicroSoft Security Essentials. Very lite-weight and effective.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Re: Programs won't start :(2nd December 2012, 3:19 am

Hello,

Everything seems to be working fine right now. Any further steps you recommend?

Thanks,
-A

Re: Programs won't start :(2nd December 2012, 4:19 am

spoke to soon. Google Chrome is having trouble visiting websites..

Re: Programs won't start :(2nd December 2012, 11:07 pm

furyofdawolfx wrote:

spoke to soon. Google Chrome is having trouble visiting websites..

What sort of trouble; redirecting or can't access the site?

Re: Programs won't start :(4th December 2012, 3:54 am

as of right now. google chrome is okay. It did not let me go to some sites (like this one) yesterday.

Re: Programs won't start :(4th December 2012, 6:59 pm

Ok. We can do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

Programs won't start :( Combofix_uninstall_image

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

***********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**********************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Programs won't start :( Diskcleanup2

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

Programs won't start :( Diskcleanup

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*********************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Programs won't start :(6th December 2012, 3:54 am

Hello,

After uninstalling combo fix and doing a disk cleanup, I started browsing the web for about 5 minutes and all of sudden google chrome stopped working. I started Internet explorer and the same thing happened... So I decided to run a quick scan with PC Tools and got the following:

12/5/2012 10:39:45 PM:781
Scan Finished
Scan Type - Intelli-Scan
Scan Time - 6 mins 28 secs
Items Processed - 4965
Threats Detected - 4
Infections Detected - 16
12/5/2012 10:40:10 PM:265
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - casalemedia.com/ casalemedia.com
12/5/2012 10:40:10 PM:281
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
12/5/2012 10:40:10 PM:281
Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - burstnet.com/ burstnet.com
12/5/2012 10:40:10 PM:515
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - chango.com/ chango.com
12/5/2012 10:40:10 PM:531
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - dmtracker.com/ dmtracker.com
12/5/2012 10:40:10 PM:531
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - revsci.net/ revsci.net
12/5/2012 10:40:10 PM:531
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - specificclick.net/ specificclick.net
12/5/2012 10:40:10 PM:531
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - insightexpressai.com/ insightexpressai.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - quantserve.com/ quantserve.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - intellitxt.com/ intellitxt.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - pixel.rubiconproject.com/ pixel.rubiconproject.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com
12/5/2012 10:40:10 PM:609
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - rubiconproject.com/ rubiconproject.com
12/5/2012 10:40:10 PM:718
Infection cleaned
Threat Name - Spyware.TrustyHound!rem
Type - Cookie
Risk Level - Medium
Infection - adbrite.com/ adbrite.com
12/5/2012 10:40:15 PM:125
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 16
Remove Failed - 0

Everything is working again right now, but I'm afraid this might be a reoccurring problem. Any suggestions?

Re: Programs won't start :(6th December 2012, 8:09 pm

None of those would cause problems with the internet connection. Did your try resetting your modem?

Programs won't start :(

descriptionPrograms won't start :(21st November 2012, 2:37 am

descriptionRe: Programs won't start :(21st November 2012, 2:39 am

descriptionRe: Programs won't start :(21st November 2012, 2:40 am

descriptionRe: Programs won't start :(21st November 2012, 2:40 am

descriptionRe: Programs won't start :(21st November 2012, 2:42 am

descriptionRe: Programs won't start :(22nd November 2012, 2:51 am

descriptionRe: Programs won't start :(22nd November 2012, 6:01 am

descriptionRe: Programs won't start :(22nd November 2012, 8:33 pm

descriptionRe: Programs won't start :(23rd November 2012, 2:31 pm

descriptionRe: Programs won't start :(23rd November 2012, 2:36 pm

descriptionRe: Programs won't start :(23rd November 2012, 2:42 pm

descriptionRe: Programs won't start :(23rd November 2012, 7:54 pm

descriptionRe: Programs won't start :(24th November 2012, 5:31 am

descriptionRe: Programs won't start :(24th November 2012, 5:35 am

descriptionRe: Programs won't start :(24th November 2012, 5:37 am

descriptionRe: Programs won't start :(24th November 2012, 8:01 pm

descriptionRe: Programs won't start :(25th November 2012, 3:49 am

descriptionRe: Programs won't start :(25th November 2012, 3:51 am

descriptionRe: Programs won't start :(25th November 2012, 7:10 pm

descriptionRe: Programs won't start :(25th November 2012, 9:04 pm

descriptionRe: Programs won't start :(26th November 2012, 3:01 am

descriptionRe: Programs won't start :(26th November 2012, 8:22 pm

descriptionRe: Programs won't start :(27th November 2012, 11:53 am

descriptionRe: Programs won't start :(27th November 2012, 8:04 pm

descriptionRe: Programs won't start :(29th November 2012, 3:44 am

descriptionRe: Programs won't start :(29th November 2012, 7:21 pm

descriptionRe: Programs won't start :(2nd December 2012, 3:19 am

descriptionRe: Programs won't start :(2nd December 2012, 4:19 am

descriptionRe: Programs won't start :(2nd December 2012, 11:07 pm

descriptionRe: Programs won't start :(4th December 2012, 3:54 am

descriptionRe: Programs won't start :(4th December 2012, 6:59 pm

descriptionRe: Programs won't start :(6th December 2012, 3:54 am

descriptionRe: Programs won't start :(6th December 2012, 8:09 pm

descriptionRe: Programs won't start :(