Thread: Possible Infection

  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    40

    Possible Infection

    Good morning,
    I was browsing the internet at the weekend and I had an AVG pop up alert informing me of a possible attack. It said the threat had been caught and not to worry but I checked it anyway on the AVG website and it was some sort of black hole alert (I'm sorry I can't remember exactly what the name of it was but it was at the top of the list of recent virus attacks). Since then my computer takes on average between 8 and 10 minutes to load up, some start up programs don't start (zonealarm in particular). Yesterday I did a virus scan and it came up empty but after I did a restart my computer would not load at all, just stayed at the welcome screen. I could, however, start it in safe mode so I did that and rolled back to a last known good start up. Here are the contents of my DDS reports (excuse my rambling).....


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by **** at 8:23:37.09 on 11/04/2012
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1297 [GMT 1:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Free Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\dgdersvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\S***\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [KiesTrayAgent]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
    uRun: [Google Update] "c:\documents and settings\s***\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\s***\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237655446953
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264355223062
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-10 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-10 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-10 108552]
    R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-10 297752]
    R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-2-4 95568]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-4 2348352]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-2-4 18120]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-3-2 123712]
    R3 SaiKA50A;SaiKA50A;c:\windows\system32\drivers\SaiKA50A.sys [2009-9-14 120840]
    R3 SaiUA50A;SaiUA50A;c:\windows\system32\drivers\SaiUA50A.sys [2009-9-14 35336]
    R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S1 ctgojdaq;ctgojdaq;\??\c:\windows\system32\drivers\ctgojdaq.sys --> c:\windows\system32\drivers\ctgojdaq.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gafwload;Fujitsu USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2007-12-29 26987]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\s***\locals~1\temp\alsysio.sys --> c:\docume~1\s***\locals~1\temp\ALSysIO.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-14 1691480]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-10-28 30240]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-11 16512]
    S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-2-21 513152]
    S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2008-2-21 3768]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-11 36640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
    S3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\drivers\mausbft.sys [2012-2-19 156552]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-1-31 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-1-31 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-1-31 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-1-31 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-1-31 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-1-31 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-1-31 109864]
    S3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys [2011-8-13 139272]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-28 96416]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-28 12704]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-28 121504]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-11 217088]
    S4 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\samsung\kies\wiselinkpro\WiselinkPro.exe [2010-1-18 9201664]

    =============== Created Last 30 ================

    2012-04-11 06:46:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-04-11 06:46:08 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-03 06:08:02 56200 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{52c6d757-7d31-4df2-add6-11aead247a2a}\offreg.dll
    2012-03-17 21:31:55 -------- d-----w- c:\docume~1\s***\locals~1\applic~1\Skyrim NPC Editor
    2012-03-17 15:16:48 -------- d-----w- c:\program files\Skyrim NPC Editor
    2012-03-17 15:16:30 -------- d-----w- c:\program files\Microsoft XNA

    ==================== Find3M ====================

    2012-03-27 14:36:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-04 17:43:12 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-03-04 17:43:12 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-03-04 11:51:37 292780 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2012-03-04 11:51:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2012-03-04 11:51:29 292780 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2012-03-03 18:46:23 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-02-10 04:10:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-10 04:10:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-10 04:10:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
    2012-02-10 04:10:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-10 04:10:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-10 04:10:00 2292224 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:10:00 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
    2012-02-10 04:10:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-10 04:10:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 03:04:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2012-02-10 03:04:21 164160 ----a-w- c:\windows\system32\nvsvc32.exe
    2012-02-10 03:04:21 143680 ----a-w- c:\windows\system32\nvcolor.exe
    2012-02-10 03:04:20 15494464 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:04:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-01-27 00:31:12 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2012-01-27 00:31:12 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-17 12:45:54 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

    ============= FINISH: 8:27:04.03 ===============


    Thanks for any help

    Kind regards,

  2. #2
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help.
    My name is Diver79, and I will be helping you with your malware problems.

    Before we start please note the following important guidelines.
    • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
    • Please DO NOT run any other software or scans whilst I am helping you.


    Note: If you haven't done so already, please ensure you have read the following article, "BEFORE You POST" (Please read this Procedure Before Requesting Assistance), where the conditions for receiving help here are explained.
    Quote Originally Posted by diver79
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    Because of this, I advise you to backup any personal files and folders before you start.
    How do I backup my files and folders in XP?

    Looking into your logs now. Will post instructions soon...

    diver79.
    Proud Graduate of the MalWare Removal University

  3. #3
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Hi Canyoufixitdad,

    Please run the scans below and get back to me with the logs.

    Run CKScanner
    • Please download CKScanner from Here
    • Important: - Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved. Please Run the program only once.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Scan with WVCheck:
    Please download WVCheck and save it to the desktop.
    • Double click on WVCheck.exe and follow the prompts.
    • The scan may take some time depending on the Hard-Drive size.
    • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
    Proud Graduate of the MalWare Removal University

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    40

    Hi Diver79,

    Thanks for the reply and no worries about the wait. Only too glad you can help me.

    The results are...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    CKScanner

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\ryan\my documents\my music\itunes\itunes media\music\compilations\ukf dubstep 2010\02 cracks (flux pavilion remix) [fea.m4a
    c:\documents and settings\ryan\my documents\my music\itunes\itunes media\music\eminem\relapse_ refill\1-18 crack a bottle (feat. dr. dre &.m4a
    c:\documents and settings\ryan\my documents\my music\this is dubstep vol. 3 1\1-04 cracks (flux pavilion remix).m4a
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrack.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatest.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestlightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackalphatestshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcracklightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcracklightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrack.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncracklightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackndetailncrackshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetailcrackshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrack.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatest.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcracklightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcracklightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrack.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackpointlight.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_2\rashaderstmbasedetaildirtcrackshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrack.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
    c:\documents and settings\sean\my documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4d63-11cf-9f46-6a3300c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
    scanner sequence 3.ZZ.11.TTAPIE
    ----- EOF -----

    ~~~~~~~~~~~~~~~~~~~~~~

    WVCheck

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 2215_18-04-2012
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 3
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Do not download or install updates automatically.
    -----------------------
    Last Success Time for Update Detection: 2009-06-24 06:38:00
    Last Success Time for Update Download: 2009-06-24 06:38:37
    Last Success Time for Update Installation: 2009-06-23 05:29:58


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


    -------- End of File, program close at 2223_18-04-2012 --------

    ~~~~~~~~~~~~~~~~~~~~~

    Kind regards,

  5. #5
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176


    Hi Canyoufixitdad

    Remove P2P Programs
    • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
      µTorrent
    • Please read File Sharing, otherwise known as Peer To Peer (P2P), where we explain why it's not a good idea to have them.
    • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    • Click on start
    • Then Run
    • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
    • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
    • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


    aswMBR Scan
    Please download aswMBR and save it to your Desktop.
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    • With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt & a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record); do not delete it.
    • I strongly suggest you keep a copy of this backup stored on an external device.
    • Copy & Paste the contents of aswMBR.txt into your next reply.



    OTL Scan
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    Proud Graduate of the MalWare Removal University
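
The aswMBR step in the post above leaves a master boot record backup in MBR.dat. As an added example (not part of the original post or of aswMBR), this Python sketch checks that such a backup is structurally sound before it is relied on, and fingerprints it so the copy kept on an external device can be compared. It assumes MBR.dat is a raw 512-byte copy of sector 0; the sample image and all helper names are constructed for illustration.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512          # bytes in one sector, and in a classic MBR
TABLE_OFFSET = 446    # the partition table follows 446 bytes of boot code
ENTRY_SIZE = 16       # four 16-byte entries, then the 2-byte signature


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(raw: bytes):
    """Return (partitions, problems) for an MBR image (assumed raw sector 0)."""
    if len(raw) != SECTOR:
        return [], [f"expected {SECTOR} bytes, got {len(raw)}"]
    problems = []
    if raw[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        entry = raw[start:start + ENTRY_SIZE]
        if entry == bytes(ENTRY_SIZE):
            continue  # unused slot
        # Layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if status not in (0x00, 0x80):
            problems.append(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        if type_id == 0 or sectors == 0:
            problems.append(f"entry {i + 1}: partly filled entry")
        parts.append(Partition(i + 1, status == 0x80, type_id, lba_start, sectors))
    if sum(p.active for p in parts) > 1:
        problems.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    return parts, problems


def fingerprint(raw: bytes) -> str:
    """SHA-256 of the image, for comparing the desktop copy with the external one."""
    return hashlib.sha256(raw).hexdigest()


def build_sample_mbr() -> bytes:
    """Constructed sample: one active NTFS (type 0x07) partition at sector 63."""
    raw = bytearray(SECTOR)
    raw[0:2] = b"\x33\xc0"  # placeholder bytes standing in for boot code
    raw[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 781400064
    )
    raw[510:512] = b"\x55\xaa"
    return bytes(raw)


if __name__ == "__main__":
    # Pass the path to a backup file, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = build_sample_mbr()
    partitions, issues = parse_mbr(image)
    for p in partitions:
        flag = "active" if p.active else "inactive"
        print(f"Partition {p.index}: type 0x{p.type_id:02x} {flag} "
              f"offset {p.lba_start} size {p.size_mb} MB")
    print("SHA-256:", fingerprint(image))
    print("Problems:", issues if issues else "none")
```

A clean result only shows the backup is well-formed; it does not show the boot code in it is clean.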

  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    40


    Hi Diver79,

    While aswMBR was running AVG flashed up a virus upon opening threat. It was C:\doc and settings\local settings\temp\petxt.dll and it asked me to move it to the virus vault which I duly did. Also, reading the text document I've noticed that my hard drive is virtually full!! I don't think I've got that much info stored on my computer.

    Here are the results of the scans

    ~~~~~~~~~~~~~~

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-19 01:20:49
    -----------------------------
    01:20:49.500 OS Version: Windows 5.1.2600 Service Pack 3
    01:20:49.500 Number of processors: 2 586 0xF0B
    01:20:49.500 ComputerName: STUDY UserName: Sean
    01:20:51.859 Initialize success
    01:23:53.953 AVAST engine defs: 12041802
    01:24:22.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
    01:24:22.687 Disk 0 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381554MB BusType: 3
    01:24:22.687 Disk 0 MBR read successfully
    01:24:22.687 Disk 0 MBR scan
    01:24:22.734 Disk 0 Windows XP default MBR code
    01:24:22.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381543 MB offset 63
    01:24:22.734 Disk 0 scanning sectors +781401600
    01:24:22.765 Disk 0 scanning C:\WINDOWS\system32\drivers
    01:24:36.828 Service scanning
    01:24:54.375 Modules scanning
    01:24:59.359 Disk 0 trace - called modules:
    01:24:59.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xfea12998]<<
    01:24:59.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8472a030]
    01:24:59.359 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\0000007d[0x84753ac0]
    01:24:59.359 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000007c[0x846b6030]
    01:25:00.140 AVAST engine scan C:\WINDOWS
    01:25:18.250 AVAST engine scan C:\WINDOWS\system32
    01:28:38.953 AVAST engine scan C:\WINDOWS\system32\drivers
    01:29:01.375 AVAST engine scan C:\Documents and Settings\Sean
    01:47:57.734 File: C:\Documents and Settings\Sean\Local Settings\Temp\msimg32.dll **INFECTED** Win32:Sirefef-TB [Trj]
    01:48:03.906 File: C:\Documents and Settings\Sean\Local Settings\Temp\nocewamsxr.tmp **INFECTED** Win32:MalOb-KG [Cryp]
    01:48:23.109 File: C:\Documents and Settings\Sean\Local Settings\Temp\wsoaenxmrc.tmp **INFECTED** MSIL:Adware-A [Adw]
    02:10:05.828 AVAST engine scan C:\Documents and Settings\All Users
    02:11:49.093 Scan finished successfully
    02:13:36.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
    02:13:36.468 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"

  7. #7
    Member
    Join Date
    Nov 2006
    Posts
    40


    OTL logfile created on: 19/04/2012 02:18:56 - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Sean\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
    3.95 Gb Paging File | 3.04 Gb Available in Paging File | 77.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 10.63 Gb Free Space | 2.85% Space Free | Partition Type: NTFS

    Computer Name: STUDY | User Name: Sean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Sean\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
    PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
    PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
    SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
    SRV - (KiesAllShare) -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
    SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
    SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Avid Technology, Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
    DRV - (xcpip) -- C:\WINDOWS\system32\drivers\xcpip.sys File not found
    DRV - (WDICA) -- File not found
    DRV - (srescan) -- system32\ZoneLabs\srescan.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (ntcdrdrv) -- system32\DRIVERS\ntcdrdrv.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
    DRV - (ctgojdaq) -- C:\WINDOWS\system32\drivers\ctgojdaq.sys File not found
    DRV - (Changer) -- File not found
    DRV - (aswMBR) -- C:\DOCUME~1\Sean\LOCALS~1\Temp\aswMBR.sys File not found
    DRV - (ALSysIO) -- C:\DOCUME~1\Sean\LOCALS~1\Temp\ALSysIO.sys File not found
    DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
    DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
    DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
    DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
    DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
    DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
    DRV - (SaiK0836) -- C:\WINDOWS\system32\drivers\SaiK0836.sys (Saitek)
    DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
    DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (SaiKA50A) -- C:\WINDOWS\system32\drivers\SaiKA50A.sys (Saitek)
    DRV - (SaiUA50A) -- C:\WINDOWS\system32\drivers\SaiUA50A.sys (Saitek)
    DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
    DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
    DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
    DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
    DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
    DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
    DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
    DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
    DRV - (MAUSBFT) -- C:\WINDOWS\system32\drivers\mausbft.sys (Avid Technology, Inc.)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
    DRV - (DrmCVideo32) -- C:\WINDOWS\system32\drivers\DrmCVideo32.sys (Windows (R) 2000 DDK provider)
    DRV - (DrmCDriverV32) -- C:\WINDOWS\system32\drivers\DrmCDriverV32.sys (Windows (R) 2000/XP)
    DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
    DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
    DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
    DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
    DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
    DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
    DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
    DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (nvatabus) -- C:\WINDOWS\System32\drivers\nvatabus.sys (NVIDIA Corporation)
    DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
    DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (gafwload) -- C:\WINDOWS\system32\drivers\gafwload.sys (GlobeSpan Inc.)
    DRV - (wanusb) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobeSpan Inc.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {D8729027-BD75-4933-81FF-976D63253814}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{7000329A-65B4-46AF-9B4A-1D4386A93DDB}: "URL" = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
    IE - HKCU\..\SearchScopes\{BD129D3C-E73E-4441-BBD2-23E5028866B9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKCU\..\SearchScopes\{D8729027-BD75-4933-81FF-976D63253814}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 21:28:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/12 20:35:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 21:20:40 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/04/14 11:22:36 | 000,432,326 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 14883 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [KiesTrayAgent] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/Driver...sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1237655446953 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1264355223062 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{054A0B20-045F-4090-BC5F-6F321512DF25}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/13 15:36:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell - "" = AutoRun
    O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7399e5bc-3b32-11de-a5a6-001fc63fdace}\Shell\AutoRun\command - "" = E:\TotalLock.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/19 02:15:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
    [2012/04/19 01:20:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
    [2012/04/18 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\My Documents\Backup
    [2012/04/11 08:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\WinZip
    [2012/04/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/04/11 08:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2012/04/11 08:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/11 08:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/19 02:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{956D5B1F-632D-4E74-8270-1E38E7DBF93B}.job
    [2012/04/19 02:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/04/19 02:15:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
    [2012/04/19 02:13:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
    [2012/04/19 01:55:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1469264624-725886605-1024363004-1004UA.job
    [2012/04/19 01:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/19 01:20:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
    [2012/04/18 22:53:29 | 000,138,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2012/04/18 22:53:23 | 000,270,856 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2012/04/18 22:14:49 | 003,514,358 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\WVCheck.exe
    [2012/04/18 22:03:49 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\CKScanner.exe
    [2012/04/18 21:57:32 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Google Chrome.lnk
    [2012/04/18 21:57:32 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/04/18 21:48:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/04/18 21:47:46 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/18 21:45:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/18 21:44:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/18 18:22:02 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
    [2012/04/18 18:22:02 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
    [2012/04/18 18:22:02 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx
    [2012/04/18 18:22:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2012/04/18 18:22:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2012/04/18 17:00:49 | 070,029,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2012/04/15 15:10:45 | 000,053,394 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\compactlaw-will-single-woman-with-children.rtf
    [2012/04/15 14:11:29 | 000,270,856 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
    [2012/04/15 10:55:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1469264624-725886605-1024363004-1004Core.job
    [2012/04/08 21:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012/03/31 21:09:01 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\Shortcut to skse_loader.lnk
    [2012/03/27 15:36:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/03/25 12:50:36 | 000,484,871 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\lasting-power-of-attorney-health-and-welfare-the-instrument.pdf
    [2012/03/25 10:36:04 | 000,514,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/25 10:36:04 | 000,092,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/19 02:13:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
    [2012/04/18 22:14:46 | 003,514,358 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\WVCheck.exe
    [2012/04/18 22:03:47 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\CKScanner.exe
    [2012/03/31 21:09:01 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\Shortcut to skse_loader.lnk
    [2012/03/25 12:50:36 | 000,484,871 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\lasting-power-of-attorney-health-and-welfare-the-instrument.pdf
    [2012/03/25 12:15:15 | 000,053,394 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\compactlaw-will-single-woman-with-children.rtf
    [2012/03/04 12:16:28 | 000,292,780 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/03/04 12:16:28 | 000,292,780 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/03/04 12:16:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/03/04 12:16:14 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/02/19 16:03:55 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2012/01/03 23:24:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
    [2011/12/18 20:53:11 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/10/04 19:38:04 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2011/08/29 23:08:05 | 000,267,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1469264624-725886605-1024363004-1004-0.dat
    [2011/08/29 23:08:04 | 000,267,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/08/14 03:21:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/08/13 14:54:08 | 001,257,984 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836.Dll
    [2011/08/13 14:54:08 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0C.dll
    [2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_10.dll
    [2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0A.dll
    [2011/08/13 14:54:08 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_07.dll
    [2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_19.dll
    [2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_09.dll
    [2011/08/13 14:54:08 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_05.dll
    [2011/08/13 14:54:08 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_0402.dll
    [2011/08/13 14:54:08 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_11.dll
    [2011/08/13 14:54:08 | 000,004,608 | R--- | C] () -- C:\WINDOWS\System32\SaiC0836_12.dll
    [2011/06/10 07:54:20 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
    [2011/01/03 18:44:44 | 002,601,752 | R--- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
    [2010/09/12 08:43:08 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/09/11 19:19:55 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll

    ========== LOP Check ==========

    [2011/05/17 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/11/12 11:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
    [2009/11/12 20:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2011/01/02 13:03:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
    [2008/02/19 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2007/12/22 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/06/15 15:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2008/06/03 22:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2012/02/19 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2009/11/12 16:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/04/11 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2008/09/21 19:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2010/03/06 21:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
    [2010/10/28 07:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2008/11/20 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2009/09/12 17:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/28 16:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/01/03 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2012/04/11 08:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/12/25 12:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/11 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/04 15:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/10/14 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\alot
    [2009/05/11 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\AVGTOOLBAR
    [2011/10/23 11:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Azureus
    [2010/07/04 09:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Canon
    [2011/06/10 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\CheckPoint
    [2010/09/16 23:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\click
    [2012/03/18 21:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Digidesign
    [2010/06/03 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\FreshDiagnose
    [2009/11/08 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\FTW
    [2009/04/10 19:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\GetRightToGo
    [2008/09/15 07:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\gslist
    [2011/08/24 21:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\gtk-2.0
    [2009/04/25 19:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\IcoFX
    [2008/06/01 21:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\n-Track Studio5
    [2008/06/22 21:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\NCH Swift Sound
    [2007/12/30 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\OfficeUpdate12
    [2012/02/19 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\PACE Anti-Piracy
    [2010/04/11 13:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\PC Suite
    [2009/01/15 21:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Red Kawa
    [2009/12/14 01:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\RipIt4Me
    [2008/09/21 19:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\RTPlayer
    [2010/10/28 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Samsung
    [2008/06/27 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Seven Zip
    [2009/12/12 23:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Skinux
    [2010/01/31 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Sony
    [2010/01/31 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Sony Setup
    [2012/02/19 16:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Structure
    [2010/06/20 09:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\TS3Client
    [2011/08/29 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\Tunebite
    [2011/05/01 14:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean\Application Data\wargaming.net
    [2012/04/08 21:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/04/18 21:48:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/04/19 02:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2012/04/19 02:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{956D5B1F-632D-4E74-8270-1E38E7DBF93B}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1308 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VSkPvgfhS5Habqp0zqGTfkenKq
    @Alternate Data Stream - 1298 bytes -> C:\Documents and Settings\Sean\Cookies:CK73rIb2YigdJFrEtYhU3N
    @Alternate Data Stream - 1293 bytes -> C:\Documents and Settings\Sean\Local Settings\Application Data\gEMW7K4A9CdyeS:gQ2v1btjMy9MtLoPspDufb9NkzXF
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
    @Alternate Data Stream - 1226 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ymytUVmvujn6iBHTn4odk3g3hsph
    @Alternate Data Stream - 1219 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:1Z3pzdSeZ0BuohpD7LstCeY7
    @Alternate Data Stream - 1199 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:WvPV0ZlODarrsKQebwzG
    @Alternate Data Stream - 1090 bytes -> C:\Program Files\Common Files\System:x0HERAUURvCh7uXzUufVm0vRpy
    @Alternate Data Stream - 1074 bytes -> C:\Documents and Settings\Sean\Local Settings\Application Data\LqejGV3qr:JUTtleZOQG35mI2Orh

    < End of report >

  8. #8
    Member
    Join Date
    Nov 2006
    Posts
    40


    OTL Extras logfile created on: 19/04/2012 02:18:56 - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Sean\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
    3.95 Gb Paging File | 3.04 Gb Available in Paging File | 77.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 10.63 Gb Free Space | 2.85% Space Free | Partition Type: NTFS

    Computer Name: STUDY | User Name: Sean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
    "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
    "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne -- (Electronic Arts Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
    "C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
    "C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
    "C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
    "C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
    "C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Disabled:Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
    "C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe" = C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe:*:Enabled:Sniper: Ghost Warrior -- (City Interactive)
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe:*:Enabled:Call of Duty: Modern Warfare 3 -- ()
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Dedicated Server -- ()
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Steam\SteamApps\common\skyrim\CreationKit.exe" = C:\Program Files\Steam\SteamApps\common\skyrim\CreationKit.exe:*:Enabled:Creation Kit -- (Bethesda Softworks)
    "C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
    "{09D28918-5CD7-4673-9DA9-B4B0425F606F}" = Microsoft Combat Flight Simulator 3 Mission Builder
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
    "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1912F2DA-2884-45D8-AF5E-C86DAB18F834}" = Smart Technology Programming Software 7.0.1.12
    "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
    "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
    "{24E85B9C-6E60-4723-89CC-71B66881A020}" = BF2 Editor
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
    "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
    "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
    "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
    "{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
    "{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
    "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9B1473-A3BF-763F-BB5C-06B2E2216216}" = Connect Service
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
    "{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView V2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C13B9ACB-201F-4DED-86FD-F6CF2844C1A9}" = Family Tree Maker 2005
    "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
    "{C7B39B40-52C3-11D4-AFCE-00E0B8138A4A}" = Fujitsu FDX310 Modem
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
    "{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
    "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
    "{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E75E905C-6624-4180-8C96-EE0211E3C078}" = Skyrim NPC Editor
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F863B682-5148-4738-B025-455AF892D723}" = Tunebite
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
    "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
    "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}" = Digidesign Pro Tools M-Powered Essential 8.0.2
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AH Spitfire for CFS3" = AH Spitfire for CFS3
    "Audacity_is1" = Audacity 1.2.6
    "AudioCS" = Creative Audio Console
    "AVG8Uninstall" = AVG Free 8.5
    "AVIcodec" = AVIcodec (remove only)
    "AviSynth" = AviSynth 2.5
    "Belarc Advisor" = Belarc Advisor 8.1
    "camcodec" = CamStudio Lossless Codec
    "CCleaner" = CCleaner
    "CFS3 NEK ~ Voice Packs" = CFS3 NEK ~ Voice Packs
    "Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DoremiSoft FLV to MP4 Converter" = DoremiSoft FLV to MP4 Converter 1.0
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDx_is1" = DVDx
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESPR300 Reference Guide" = ESPR300 Reference Guide
    "ESPR300 Software Guide" = ESPR300 Software Guide
    "ESPR300 Standalone Guide" = ESPR300 Standalone Guide
    "EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.0 by MixMeister
    "FirePower for Microsoft Combat Flight Simulator 3" = FirePower for Microsoft Combat Flight Simulator 3
    "Fraps" = Fraps (remove only)
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
    "Freemake Video Converter_is1" = Freemake Video Converter version 2.1.5
    "GroundCrew FW 200 Condor for CFS3" = GroundCrew FW 200 Condor for CFS3
    "GroundCrew He111 shared Textures and Weapons" = GroundCrew He111 shared Textures and Weapons
    "IcoFX_is1" = IcoFX 1.6.4
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "JoneSoft MD5Mate_is1" = JoneSoft MD5Mate v1.2.0
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NetDevil_LEGO_Universe_is1" = LEGO Universe
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Ogg Codecs" = Ogg Codecs 0.80.15039
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "PunkBusterSvc" = PunkBuster Services
    "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "Spotify" = Spotify
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 10680" = Aliens vs Predator
    "Steam App 202480" = Creation Kit
    "Steam App 34830" = Sniper: Ghost Warrior
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "STLFR_eng_is1" = 'Steel Fury - Kharkov 1942'
    "SWAT3" = SWAT3
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TeamSpeakOverlay" = TeamSpeak Overlay BETA 2 (#63)
    "TMM60" = TeLL me More
    "Tweak UI 2.10" = Tweak UI
    "Videora iPod touch Converter" = Videora iPod touch Converter 4.04
    "VLC media player" = VLC media player 1.0.2
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WhoCrashed_is1" = WhoCrashed 3.02
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "World at War" = World at War Minimod
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "ZoneAlarm Free" = ZoneAlarm Free
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar
    "ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "Battle of Britain for CFS3" = Battle of Britain for CFS3
    "Google Chrome" = Google Chrome
    "Heinkel He111 Standalone Repaints" = Heinkel He111 Standalone Repaints

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 18/04/2012 16:48:53 | Computer Name = STUDY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = COM+ | ID = 135894
    Description = A condition has occurred that indicates this COM+ application is in
    an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

    Server
    Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
    ID: {FB164C52-6616-4D53-BDEA-07336DFAF8ED} Server Application Name: System Application
    The
    serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
    : Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
    Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

    Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
    hr = 80080005: InitEventCollector fail

    Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = VSS | ID = 12292
    Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
    COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

    Error - 18/04/2012 17:02:14 | Computer Name = STUDY | Source = COM+ | ID = 135894
    Description = A condition has occurred that indicates this COM+ application is in
    an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

    Server
    Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
    ID: {C5EE4675-4B8D-4044-822B-CBB9AB26FE0C} Server Application Name: System Application
    The
    serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
    : Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
    Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

    Error - 18/04/2012 17:02:19 | Computer Name = STUDY | Source = COM+ | ID = 135894
    Description = A condition has occurred that indicates this COM+ application is in
    an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

    Server
    Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
    ID: {2761215F-E0CA-43B3-95DA-5616F6BC720B} Server Application Name: System Application
    The
    serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
    : Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
    Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

    Error - 18/04/2012 17:03:21 | Computer Name = STUDY | Source = NTBackup | ID = 8001
    Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
    Off Mode: Append Type: Normal Consult the backup report for more details.

    Error - 18/04/2012 17:03:21 | Computer Name = STUDY | Source = NTBackup | ID = 8019
    Description = End Operation: Warnings or errors were encountered. Consult the backup
    report for more details.

    [ System Events ]
    Error - 18/04/2012 11:19:11 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
    Description = The Fujitsu USB ADSL Loader service failed to start due to the following
    error: %%1058

    Error - 18/04/2012 11:19:11 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 18/04/2012 11:44:48 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
    Description = The Fujitsu USB ADSL Loader service failed to start due to the following
    error: %%1058

    Error - 18/04/2012 11:44:48 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 18/04/2012 16:47:36 | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
    Description = The Fujitsu USB ADSL Loader service failed to start due to the following
    error: %%1058

    Error - 18/04/2012 16:47:36 | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 18/04/2012 17:02:13 | Computer Name = STUDY | Source = Service Control Manager | ID = 7034
    Description = The MS Software Shadow Copy Provider service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 18/04/2012 17:02:14 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly. It has
    done this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 18/04/2012 17:02:19 | Computer Name = STUDY | Source = Service Control Manager | ID = 7034
    Description = The COM+ System Application service terminated unexpectedly. It has
    done this 3 time(s).


    < End of report >

  9. #9
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi Canyoufixitdad,

    I'm afraid I have some bad news for you...

    Rootkit

    Your computer has a dangerous Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

    You are strongly advised to do the following:

    • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
    • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
    • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

    Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

    To help you understand more, please take some time to read the following articles:

    What are rootkits from Wikipedia
    How do I respond to a possible identity theft and how do I prevent it
    When should I do a reformat and reinstallation of my OS
    How to backup your files in Windows XP

    Should you have any questions please feel free to ask.

    Please let us know what you have decided to do in your next post.
    Proud Graduate of the MalWare Removal University
