Possible Infection



Canyoufixitdad
2012-04-11, 10:56
Good morning,
I was browsing the internet at the weekend and I had an AVG pop up alert informing me of a possible attack. It said the threat had been caught and not to worry but I checked it anyway on the AVG website and it was some sort of black hole alert (I'm sorry I can't remember exactly what the name of it was but it was at the top of the list of recent virus attacks). Since then my computer takes on average between 8 and 10 minutes to load up, some start up programs don't start (zonealarm in particular). Yesterday I did a virus scan and it came up empty but after I did a restart my computer would not load at all, just stayed at the welcome screen. I could, however, start it in safe mode so I did that and rolled back to a last known good start up. Here are the contents of my DDS reports (excuse my rambling :sad:).....


DDS (Ver_10-12-12.02) - NTFSx86
Run by **** at 8:23:37.09 on 11/04/2012
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1297 [GMT 1:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\S***\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [KiesTrayAgent]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [Google Update] "c:\documents and settings\s***\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\s***\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237655446953
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264355223062
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-10 108552]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-10 297752]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-2-4 95568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-4 2348352]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-2-4 18120]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-3-2 123712]
R3 SaiKA50A;SaiKA50A;c:\windows\system32\drivers\SaiKA50A.sys [2009-9-14 120840]
R3 SaiUA50A;SaiUA50A;c:\windows\system32\drivers\SaiUA50A.sys [2009-9-14 35336]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S1 ctgojdaq;ctgojdaq;\??\c:\windows\system32\drivers\ctgojdaq.sys --> c:\windows\system32\drivers\ctgojdaq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gafwload;Fujitsu USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2007-12-29 26987]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\s***\locals~1\temp\alsysio.sys --> c:\docume~1\s***\locals~1\temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-14 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-10-28 30240]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-11 16512]
S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-2-21 513152]
S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2008-2-21 3768]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-11 36640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
S3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\drivers\mausbft.sys [2012-2-19 156552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-1-31 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-1-31 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-1-31 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-1-31 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-1-31 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-1-31 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-1-31 109864]
S3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys [2011-8-13 139272]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-28 96416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-28 12704]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-28 121504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-11 217088]
S4 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\samsung\kies\wiselinkpro\WiselinkPro.exe [2010-1-18 9201664]

=============== Created Last 30 ================

2012-04-11 06:46:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-11 06:46:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 06:08:02 56200 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{52c6d757-7d31-4df2-add6-11aead247a2a}\offreg.dll
2012-03-17 21:31:55 -------- d-----w- c:\docume~1\s***\locals~1\applic~1\Skyrim NPC Editor
2012-03-17 15:16:48 -------- d-----w- c:\program files\Skyrim NPC Editor
2012-03-17 15:16:30 -------- d-----w- c:\program files\Microsoft XNA

==================== Find3M ====================

2012-03-27 14:36:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-04 17:43:12 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-04 17:43:12 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-04 11:51:37 292780 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-04 11:51:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-04 11:51:29 292780 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-03 18:46:23 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-10 04:10:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10:00 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10:00 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 03:04:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04:21 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04:21 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04:20 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-27 00:31:12 4608 ----a-w- c:\windows\system32\w95inf32.dll
2012-01-27 00:31:12 2272 ----a-w- c:\windows\system32\w95inf16.dll
2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-17 12:45:54 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

============= FINISH: 8:27:04.03 ===============


Thanks for any help

Kind regards,

diver79
2012-04-17, 21:35
Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.

The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
Please DO NOT run any other software or scans whilst I am helping you.


Note: If you haven't done so already, please ensure you have read the following article: "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP? (http://www.winxptutor.com/ntbackup.htm)

Looking into your logs now. Will post instructions soon...

diver79.

diver79
2012-04-17, 22:16
Hi Canyoufixitdad,

Please run the scans below and get back to me with the logs.

Run CKScanner

Please download CKScanner from Here (http://downloads.malwareremoval.com/CKScanner.exe)
Important: - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please Run the program only once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Scan with WVCheck:
Please download WVCheck (http://artellos.com/ccount/click.php?id=7) and save it to the desktop.

Double click on WVCheck.exe and follow the prompts.
The scan may take some time depending on the Hard-Drive size.
Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

Canyoufixitdad
2012-04-19, 00:29
Hi Diver79,

Thanks for the reply and no worries about the wait. Only too glad you can help me.

The results are...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\ryan\my documents\my music\itunes\itunes media\music\compilations\ukf dubstep 2010\02 cracks (flux pavilion remix) [fea.m4a
c:\documents and settings\ryan\my documents\my music\itunes\itunes media\music\eminem\relapse_ refill\1-18 crack a bottle (feat. dr. dre &.m4a
c:\documents and settings\ryan\my documents\my music\this is dubstep vol. 3 1\1-04 cracks (flux pavilion remix).m4a
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcracklightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcracklightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcracklightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcracklightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
scanner sequence 3.ZZ.11.TTAPIE
----- EOF -----

~~~~~~~~~~~~~~~~~~~~~~

WVCheck

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2215_18-04-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2009-06-24 06:38:00
Last Success Time for Update Download: 2009-06-24 06:38:37
Last Success Time for Update Installation: 2009-06-23 05:29:58


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 2223_18-04-2012 --------

~~~~~~~~~~~~~~~~~~~~~

Kind regards,

diver79
2012-04-19, 00:54
Hi Canyoufixitdad

Remove P2P Programs

I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Please read the File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


Click on start
Then Run
In the open text entry box please copy/paste appwiz.cpl. Then click enter.
Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

aswMBR Scan
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Right click aswMBR.exe & choose "Run as Administrator" to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR (master boot record), do not delete it.
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.


OTL Scan

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Canyoufixitdad
2012-04-19, 04:41
Hi Diver79,

While aswMBR was running AVG flashed up a virus upon opening threat. It was C:\doc and settings\local settings\temp\petxt.dll and it asked me to move it to the virus vault which I duly did. Also, reading the text document I've noticed that my hard drive is virtually full!! I don't think I've got that much info stored on my computer.

Here are the results of the scans

~~~~~~~~~~~~~~

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-19 01:20:49
-----------------------------
01:20:49.500 OS Version: Windows 5.1.2600 Service Pack 3
01:20:49.500 Number of processors: 2 586 0xF0B
01:20:49.500 ComputerName: STUDY UserName: Sean
01:20:51.859 Initialize success
01:23:53.953 AVAST engine defs: 12041802
01:24:22.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
01:24:22.687 Disk 0 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381554MB BusType: 3
01:24:22.687 Disk 0 MBR read successfully
01:24:22.687 Disk 0 MBR scan
01:24:22.734 Disk 0 Windows XP default MBR code
01:24:22.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381543 MB offset 63
01:24:22.734 Disk 0 scanning sectors +781401600
01:24:22.765 Disk 0 scanning C:\WINDOWS\system32\drivers
01:24:36.828 Service scanning
01:24:54.375 Modules scanning
01:24:59.359 Disk 0 trace - called modules:
01:24:59.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xfea12998]<<
01:24:59.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8472a030]
01:24:59.359 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\0000007d[0x84753ac0]
01:24:59.359 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000007c[0x846b6030]
01:25:00.140 AVAST engine scan C:\WINDOWS
01:25:18.250 AVAST engine scan C:\WINDOWS\system32
01:28:38.953 AVAST engine scan C:\WINDOWS\system32\drivers
01:29:01.375 AVAST engine scan C:\Documents and Settings\Sean
01:47:57.734 File: C:\Documents and Settings\Sean\Local Settings\Temp\msimg32.dll **INFECTED** Win32:Sirefef-TB [Trj]
01:48:03.906 File: C:\Documents and Settings\Sean\Local Settings\Temp\nocewamsxr.tmp **INFECTED** Win32:MalOb-KG [Cryp]
01:48:23.109 File: C:\Documents and Settings\Sean\Local Settings\Temp\wsoaenxmrc.tmp **INFECTED** MSIL:Adware-A [Adw]
02:10:05.828 AVAST engine scan C:\Documents and Settings\All Users
02:11:49.093 Scan finished successfully
02:13:36.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
02:13:36.468 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"

Canyoufixitdad
2012-04-19, 04:44
OTL logfile created on: 19/04/2012 02:18:56 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
3.95 Gb Paging File | 3.04 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 10.63 Gb Free Space | 2.85% Space Free | Partition Type: NTFS

Computer Name: STUDY | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (KiesAllShare) -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Avid Technology, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\WINDOWS\system32\drivers\xcpip.sys File not found
DRV - (WDICA) -- File not found
DRV - (srescan) -- system32\ZoneLabs\srescan.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (ntcdrdrv) -- system32\DRIVERS\ntcdrdrv.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (ctgojdaq) -- C:\WINDOWS\system32\drivers\ctgojdaq.sys File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\Sean\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (ALSysIO) -- C:\DOCUME~1\Sean\LOCALS~1\Temp\ALSysIO.sys File not found
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0836) -- C:\WINDOWS\system32\drivers\SaiK0836.sys (Saitek)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (SaiKA50A) -- C:\WINDOWS\system32\drivers\SaiKA50A.sys (Saitek)
DRV - (SaiUA50A) -- C:\WINDOWS\system32\drivers\SaiUA50A.sys (Saitek)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (MAUSBFT) -- C:\WINDOWS\system32\drivers\mausbft.sys (Avid Technology, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (DrmCVideo32) -- C:\WINDOWS\system32\drivers\DrmCVideo32.sys (Windows (R) 2000 DDK provider)
DRV - (DrmCDriverV32) -- C:\WINDOWS\system32\drivers\DrmCDriverV32.sys (Windows (R) 2000/XP)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (nvatabus) -- C:\WINDOWS\System32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (gafwload) -- C:\WINDOWS\system32\drivers\gafwload.sys (GlobeSpan Inc.)
DRV - (wanusb) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobeSpan Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {D8729027-BD75-4933-81FF-976D63253814}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{7000329A-65B4-46AF-9B4A-1D4386A93DDB}: "URL" = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKCU\..\SearchScopes\{BD129D3C-E73E-4441-BBD2-23E5028866B9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{D8729027-BD75-4933-81FF-976D63253814}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 21:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/12 20:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 21:20:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/04/14 11:22:36 | 000,432,326 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14883 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237655446953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264355223062 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{054A0B20-045F-4090-BC5F-6F321512DF25}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/13 15:36:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell - "" = AutoRun
O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell\AutoRun\command - "" = E:\TotalLock.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 02:15:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2012/04/19 01:20:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2012/04/18 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\My Documents\Backup
[2012/04/11 08:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\WinZip
[2012/04/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/11 08:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/04/11 08:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/11 08:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 02:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{956D5B1F-632D-4E74-8270-1E38E7DBF93B}.job
[2012/04/19 02:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/19 02:15:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2012/04/19 02:13:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2012/04/19 01:55:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1469264624-725886605-1024363004-1004UA.job
[2012/04/19 01:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 01:20:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2012/04/18 22:53:29 | 000,138,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/04/18 22:53:23 | 000,270,856 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/04/18 22:14:49 | 003,514,358 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\WVCheck.exe
[2012/04/18 22:03:49 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\CKScanner.exe
[2012/04/18 21:57:32 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Google Chrome.lnk
[2012/04/18 21:57:32 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/18 21:48:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/18 21:47:46 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/18 21:45:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 21:44:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/18 18:22:02 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
[2012/04/18 18:22:02 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
[2012/04/18 18:22:02 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
[2012/04/18 18:22:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/04/18 18:22:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/04/18 17:00:49 | 070,029,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/04/15 15:10:45 | 000,053,394 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\compactlaw-will-single-woman-with-children.rtf
[2012/04/15 14:11:29 | 000,270,856 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/04/15 10:55:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1469264624-725886605-1024363004-1004Core.job
[2012/04/08 21:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/31 21:09:01 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Shortcut to skse_loader.lnk
[2012/03/27 15:36:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/25 12:50:36 | 000,484,871 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\lasting-power-of-attorney-health-and-welfare-the-instrument.pdf
[2012/03/25 10:36:04 | 000,514,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 10:36:04 | 000,092,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/19 02:13:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2012/04/18 22:14:46 | 003,514,358 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\WVCheck.exe
[2012/04/18 22:03:47 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\CKScanner.exe
[2012/03/31 21:09:01 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\Shortcut to skse_loader.lnk
[2012/03/25 12:50:36 | 000,484,871 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\lasting-power-of-attorney-health-and-welfare-the-instrument.pdf
[2012/03/25 12:15:15 | 000,053,394 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\compactlaw-will-single-woman-with-children.rtf
[2012/03/04 12:16:28 | 000,292,780 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/04 12:16:28 | 000,292,780 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/04 12:16:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/04 12:16:14 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/19 16:03:55 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2012/01/03 23:24:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/12/18 20:53:11 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/04 19:38:04 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/08/29 23:08:05 | 000,267,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1469264624-725886605-1024363004-1004-0.dat
[2011/08/29 23:08:04 | 000,267,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/14 03:21:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/13 14:54:08 | 001,257,984 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836.Dll
[2011/08/13 14:54:08 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0C.dll
[2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_10.dll
[2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0A.dll
[2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_07.dll
[2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_19.dll
[2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_09.dll
[2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_05.dll
[2011/08/13 14:54:08 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0402.dll
[2011/08/13 14:54:08 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_11.dll
[2011/08/13 14:54:08 | 000,004,608 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_12.dll
[2011/06/10 07:54:20 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/01/03 18:44:44 | 002,601,752 | R--- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010/09/12 08:43:08 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/11 19:19:55 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll

========== LOP Check ==========

[2011/05/17 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/12 11:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2009/11/12 20:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/02 13:03:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2008/02/19 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2007/12/22 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/06/15 15:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/06/03 22:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/02/19 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/11/12 16:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/11 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/09/21 19:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/03/06 21:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2010/10/28 07:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/11/20 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/09/12 17:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/28 16:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/01/03 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/04/11 08:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/25 12:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/11 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/04 15:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/14 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\alot
[2009/05/11 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\AVGTOOLBAR
[2011/10/23 11:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Azureus
[2010/07/04 09:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Canon
[2011/06/10 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\CheckPoint
[2010/09/16 23:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\click
[2012/03/18 21:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Digidesign
[2010/06/03 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\FreshDiagnose
[2009/11/08 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\FTW
[2009/04/10 19:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\GetRightToGo
[2008/09/15 07:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\gslist
[2011/08/24 21:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\gtk-2.0
[2009/04/25 19:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\IcoFX
[2008/06/01 21:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\n-Track Studio5
[2008/06/22 21:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\NCH Swift Sound
[2007/12/30 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\OfficeUpdate12
[2012/02/19 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\PACE Anti-Piracy
[2010/04/11 13:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\PC Suite
[2009/01/15 21:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Red Kawa
[2009/12/14 01:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\RipIt4Me
[2008/09/21 19:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\RTPlayer
[2010/10/28 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Samsung
[2008/06/27 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Seven Zip
[2009/12/12 23:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Skinux
[2010/01/31 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Sony
[2010/01/31 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Sony Setup
[2012/02/19 16:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Structure
[2010/06/20 09:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\TS3Client
[2011/08/29 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Tunebite
[2011/05/01 14:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\wargaming.net
[2012/04/08 21:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/18 21:48:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/04/19 02:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/04/19 02:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{956D5B1F-632D-4E74-8270-1E38E7DBF93B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1308 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VSkPvgfhS5Habqp0zqGTfkenKq
@Alternate Data Stream - 1298 bytes -> C:\Documents and Settings\Sean\Cookies:CK73rIb2YigdJFrEtYhU3N
@Alternate Data Stream - 1293 bytes -> C:\Documents and Settings\Sean\Local Settings\Application Data\gEMW7K4A9CdyeS:gQ2v1btjMy9MtLoPspDufb9NkzXF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 1226 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ymytUVmvujn6iBHTn4odk3g3hsph
@Alternate Data Stream - 1219 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:1Z3pzdSeZ0BuohpD7LstCeY7
@Alternate Data Stream - 1199 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:WvPV0ZlODarrsKQebwzG
@Alternate Data Stream - 1090 bytes -> C:\Program Files\Common Files\System:x0HERAUURvCh7uXzUufVm0vRpy
@Alternate Data Stream - 1074 bytes -> C:\Documents and Settings\Sean\Local Settings\Application Data\LqejGV3qr:JUTtleZOQG35mI2Orh

< End of report >

Canyoufixitdad
2012-04-19, 04:47
OTL Extras logfile created on: 19/04/2012 02:18:56 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
3.95 Gb Paging File | 3.04 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 10.63 Gb Free Space | 2.85% Space Free | Partition Type: NTFS

Computer Name: STUDY | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne -- (Electronic Arts Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Disabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe" = C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe:*:Enabled:Sniper: Ghost Warrior -- (City Interactive)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe:*:Enabled:Call of Duty: Modern Warfare 3 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Dedicated Server -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\SteamApps\common\skyrim\CreationKit.exe" = C:\Program Files\Steam\SteamApps\common\skyrim\CreationKit.exe:*:Enabled:Creation Kit -- (Bethesda Softworks)
"C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
"{09D28918-5CD7-4673-9DA9-B4B0425F606F}" = Microsoft Combat Flight Simulator 3 Mission Builder
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1912F2DA-2884-45D8-AF5E-C86DAB18F834}" = Smart Technology Programming Software 7.0.1.12
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24E85B9C-6E60-4723-89CC-71B66881A020}" = BF2 Editor
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9B1473-A3BF-763F-BB5C-06B2E2216216}" = Connect Service
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView V2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13B9ACB-201F-4DED-86FD-F6CF2844C1A9}" = Family Tree Maker 2005
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C7B39B40-52C3-11D4-AFCE-00E0B8138A4A}" = Fujitsu FDX310 Modem
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E75E905C-6624-4180-8C96-EE0211E3C078}" = Skyrim NPC Editor
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F863B682-5148-4738-B025-455AF892D723}" = Tunebite
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}" = Digidesign Pro Tools M-Powered Essential 8.0.2
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AH Spitfire for CFS3" = AH Spitfire for CFS3
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"AVG8Uninstall" = AVG Free 8.5
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"CFS3 NEK ~ Voice Packs" = CFS3 NEK ~ Voice Packs
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DoremiSoft FLV to MP4 Converter" = DoremiSoft FLV to MP4 Converter 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDx_is1" = DVDx
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.0 by MixMeister
"FirePower for Microsoft Combat Flight Simulator 3" = FirePower for Microsoft Combat Flight Simulator 3
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Freemake Video Converter_is1" = Freemake Video Converter version 2.1.5
"GroundCrew FW 200 Condor for CFS3" = GroundCrew FW 200 Condor for CFS3
"GroundCrew He111 shared Textures and Weapons" = GroundCrew He111 shared Textures and Weapons
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"JoneSoft MD5Mate_is1" = JoneSoft MD5Mate v1.2.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ogg Codecs" = Ogg Codecs 0.80.15039
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Spotify" = Spotify
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10680" = Aliens vs Predator
"Steam App 202480" = Creation Kit
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"STLFR_eng_is1" = 'Steel Fury - Kharkov 1942'
"SWAT3" = SWAT3
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamSpeakOverlay" = TeamSpeak Overlay BETA 2 (#63)
"TMM60" = TeLL me More
"Tweak UI 2.10" = Tweak UI
"Videora iPod touch Converter" = Videora iPod touch Converter 4.04
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WhoCrashed_is1" = WhoCrashed 3.02
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World at War" = World at War Minimod
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Battle of Britain for CFS3" = Battle of Britain for CFS3
"Google Chrome" = Google Chrome
"Heinkel He111 Standalone Repaints" = Heinkel He111 Standalone Repaints

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {FB164C52-6616-4D53-BDEA-07336DFAF8ED} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 18/04/2012 17:02:14 | Computer Name = STUDY | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {C5EE4675-4B8D-4044-822B-CBB9AB26FE0C} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 18/04/2012 17:02:19 | Computer Name = STUDY | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {2761215F-E0CA-43B3-95DA-5616F6BC720B} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 18/04/2012 17:03:21 | Computer Name = STUDY | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
Off Mode: Append Type: Normal Consult the backup report for more details.

Error - 18/04/2012 17:03:21 | Computer Name = STUDY | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

[ System Events ]
Error - 18/04/2012 11:19:11 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
Description = The Fujitsu USB ADSL Loader service failed to start due to the following
error: %%1058

Error - 18/04/2012 11:19:11 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 18/04/2012 11:44:48 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
Description = The Fujitsu USB ADSL Loader service failed to start due to the following
error: %%1058

Error - 18/04/2012 11:44:48 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 18/04/2012 16:47:36 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
Description = The Fujitsu USB ADSL Loader service failed to start due to the following
error: %%1058

Error - 18/04/2012 16:47:36 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = Service Control Manager | ID = 7034
Description = The MS Software Shadow Copy Provider service terminated unexpectedly.
It has done this 1 time(s).

Error - 18/04/2012 17:02:14 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 18/04/2012 17:02:19 | Computer Name = STUDY | Source = Service Control Manager | ID = 7034
Description = The COM+ System Application service terminated unexpectedly. It has
done this 3 time(s).


< End of report >

diver79
2012-04-19, 10:09
Hi Canyoufixitdad,

I'm afraid I have some bad news for you...

Rootkit

Your computer has a dangerous Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia (http://en.wikipedia.org/wiki/Rootkit)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)
How to backup your files in Windows XP (http://support.microsoft.com/kb/308422)

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

Canyoufixitdad
2012-04-19, 12:27
Oh crap....maybe I shouldn't be reading this at work when there's nothing I can do except panic till I get home. At least I can use my iPod on wifi and change a few things. My computer, the one I'm posting these logs from, is the main home hub one and is connected to the Internet. My son accesses the Internet via his laptop from his bedroom over wifi. Is it possible that his is infected too ? We have a shared file folder which he uses for his homework (when he remembers!!) but that's all we share.

So if I understand you correctly even if you're successful at getting rid of the root kit there's no guarantee my computer will be safe ever again ? Is there another option instead of replacing hardware instead/as well ? (please excuse my ignorance)

One good thing, they won't get much out of my credit card.... the wife's taken care of that.... lol :red:

diver79
2012-04-19, 15:58
Hi Canyoufixitdad,

No need to panic, the warnings I have given you are a precautionary measure. Having this infection means that it is possible for a remote user to ascertain sensitive information from the computer. It does not mean it has already happened, though that is how you should treat it.


> So if I understand you correctly even if you're successful at getting rid of the root kit there's no guarantee my computer will be safe ever again ?

Yes.


> Is there another option instead of replacing hardware instead/as well ? (please excuse my ignorance)

There is no need to replace hardware to fix this problem. Reinstalling the Operating System will remove the rootkit completely as it will format the drive during the process, removing any shred of the infection as it does.


> One good thing, they won't get much out of my credit card.... the wife's taken care of that.... lol :red:

Good one! :bigthumb:

Let me know how you would like to proceed.

diver79.

Canyoufixitdad
2012-04-21, 00:38
Hi Diver79,

Sorry I haven't got back to you earlier as I've been away (work stuff). I have a couple of questions, may I 'pm' you ?

diver79
2012-04-21, 00:44
No problem, you can post your questions here. It is against forum policy to provide support via PM.

diver79.

Canyoufixitdad
2012-04-21, 01:53
Okay. I would like to reformat my pc and I haven't got a clue how to do it so I would like to take you up on your offer, however, as you no doubt saw with the name of two files I have a matter which takes precedence. My mother has just been diagnosed with cancer and let's just say that time is not on her side. I'm acutely aware that your time with each case needs to be wrapped up as quickly as possible so you can move to the next one. I have on my computer a lot of information I need to save before I wipe it. I have a donor computer which has plenty of room to save my files however that needs to be re-formatted too before I can format my one. Given my impending other predicament I might have to stop half way through. Would I have to reapply for help again or can this ticket stay open for a period of time ?

I don't have a win xp disc as both computers were bought pre-loaded. Is this a problem and how would you go about it? Would you log on remotely?

diver79
2012-04-21, 12:55
Hi Canyoufixitdad,

I understand that you need all the time you have to be there for your family. I will try to accommodate you as best I can.

In order to re-install Windows on this machine you will need an XP Professional CD along with the XP Professional Product key. Manufacturers will usually provide a recovery CD or a recovery partition. I can see no signs of a recovery partition on this machine, so without the CD it does not look like you will be able to re-install.

You can usually order one from the manufacturer's website though.

If you choose to do this we can close this topic and start a new topic when you require our help again. Just reference this topic when you start a new one.

Alternatively we can attempt to clean the machine, but you know the risks involved with this.

Kind Regards,

Diver79.

diver79
2012-04-26, 23:01
Hi Canyoufixitdad,

Have you decided what you would like to do?

If you still require assistance I can keep this post open. Otherwise I will need to close the topic.

diver79.

Jack&Jill
2012-04-30, 20:02
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.