Google redirecting

  1. #1
    Jen11 (Full Member)

    Google redirecting

    Hi,

    I have the same problem mentioned of Google redirecting, redirecting to k-directory, pop-ups, and fake security software automatically downloading to the PC. There are also recent page loading problems, and I have to restart the PC. Sometimes all links clicked on redirect. This problem only occurred recently.

    I do not use IE, but it is also really infected. I set Firefox to warn if pages were redirected; this came undone, so I made the change again.
    My OS is Windows XP SP3. Over the last few months I have used free security software: Microsoft Security Essentials, Malwarebytes Anti-Malware and Advanced System Care.
    All were run, along with Windows Updates.

    I would appreciate any support for this issue.

    Regards,

    Jen11
    Last edited by Jen11; 09-08-2010 at 03:42 AM.

  2. #2
    broni (Senior Member)
    Please, read HERE and post required logs.

  3. #3
    Jen11 (Full Member)
    Hi, I clicked on the 'read HERE' link, but there was only the 'no specified thread' message on the page, along with a link to download registry booster. I did not find information to read.

    thanks,

    Gemma

  4. #4
    broni (Senior Member)

  5. #5
    Jen11 (Full Member)
    Hi,


    I have completed the steps and have saved four log files; please find two attached, and a copy of the GMER file below. I was not able to attach the OTL file as I received the message that the file size exceeded limits. When it was pasted below in a previous post, I received the fatal error message, which I assume was due to the file size. Could you please advise if I should upload this as a ZIP file?

    Other info: before following the steps, I removed Microsoft Security Essentials and Advanced System Care from my PC, and installed and ran Norton Internet Security Suite. It found one trojan and browsing has improved in Google; I was redirected on one link on the page. Also, my network settings keep changing from my setting of 'No proxy' to 'automatic system proxy'.

    Regards,

    jen11



    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-08-10 23:28:13
    Windows 5.1.2600 Service Pack 3
    Running: jtkug36b.exe; Driver: C:\DOCUME~1\Gemma\LOCALS~1\Temp\kxnyraog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89B13050 ZwAlertResumeThread
    SSDT 8A13E050 ZwAlertThread
    SSDT 89992C88 ZwAllocateVirtualMemory
    SSDT 89B0D050 ZwAssignProcessToJobObject
    SSDT 8A340110 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB0E1F210]
    SSDT 899923F8 ZwCreateMutant
    SSDT 8998DBC0 ZwCreateSymbolicLinkObject
    SSDT 8A2726D0 ZwCreateThread
    SSDT 89B0E050 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB0E1F490]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB0E1F9F0]
    SSDT 89992DE0 ZwDuplicateObject
    SSDT 89992AE8 ZwFreeVirtualMemory
    SSDT 89A96050 ZwImpersonateAnonymousToken
    SSDT 8A1D6050 ZwImpersonateThread
    SSDT 8A3E5BB8 ZwLoadDriver
    SSDT 8998E220 ZwMapViewOfSection
    SSDT 89A95050 ZwOpenEvent
    SSDT 89992F80 ZwOpenProcess
    SSDT 8A1DA050 ZwOpenProcessToken
    SSDT 8A1D1050 ZwOpenSection
    SSDT 89992EB0 ZwOpenThread
    SSDT 8998DC90 ZwProtectVirtualMemory
    SSDT 8A141050 ZwResumeThread
    SSDT 8A205050 ZwSetContextThread
    SSDT 89992908 ZwSetInformationProcess
    SSDT 89B0F050 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB0E1FC40]
    SSDT 8A1D3050 ZwSuspendProcess
    SSDT 89B14050 ZwSuspendThread
    SSDT 8A1DB050 ZwTerminateProcess
    SSDT 8A142050 ZwTerminateThread
    SSDT 89A99050 ZwUnmapViewOfSection
    SSDT 89992BB8 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1C2 804E4A1C 4 Bytes CALL CAD7E34B
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xF789B30E]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA59F340, 0xFFF3F, 0xF8000020]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xBA29BF80]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019155fd727
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019155fd727@0023b41243c3 0x18 0x47 0x4F 0x7B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019155fd727@001c9aefb81a 0xB3 0xB9 0xC0 0xBA ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019155fd727 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019155fd727@0023b41243c3 0x18 0x47 0x4F 0x7B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019155fd727@001c9aefb81a 0xB3 0xB9 0xC0 0xBA ...

    ---- EOF - GMER 1.0.15 ----

  6. #6
    broni (Senior Member)
    Always paste all logs. If some log doesn't fit into one reply, split it between a couple of posts.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3763
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/10/2010 8:24:19 PM
    mbam-log-2010-08-10 (20-24-19).txt

    Scan type: Quick Scan
    Objects scanned: 123314
    Time elapsed: 8 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\dpwsockx32.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0000d64f-1c22-40a1-bd84-727c8b6b57bb} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000d64f-1c22-40a1-bd84-727c8b6b57bb} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0000d64f-1c22-40a1-bd84-727c8b6b57bb} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000d64f-1c22-40a1-bd84-727c8b6b57bb} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\DPWSOCKX32.dll (Trojan.Agent) -> Delete on reboot.

    ==============================================================

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000008d

    Kernel Drivers (total 153):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF7717000 cercsr6.sys
    0xF74A8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7488000 fltmgr.sys
    0xF7432000 SYMDS.SYS
    0xF7420000 sr.sys
    0xF786A000 SYMEFA.SYS
    0xF7647000 PxHelp20.sys
    0xF789B000 PzWDM.sys
    0xF7409000 KSecDD.sys
    0xF7853000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF795A000 NDIS.sys
    0xF7839000 Mup.sys
    0xF7657000 agp440.sys
    0xF7937000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA59F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xBA58B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA567000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA533000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xBA510000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA411000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xBA36A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF776F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA342000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF778F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7FC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA32E000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF779F000 \SystemRoot\system32\drivers\Afc.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF77B7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA2EE000 \SystemRoot\system32\drivers\smwdm.sys
    0xBA2CA000 \SystemRoot\system32\drivers\portcls.sys
    0xF76F7000 \SystemRoot\system32\drivers\drmk.sys
    0xBA217000 \SystemRoot\system32\drivers\senfilt.sys
    0xF7A66000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA14F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0xF79A5000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\SymIM.sys
    0xF79AB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA0A1000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7CC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7527000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7517000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF773F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AA3000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79BF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7787000 \SystemRoot\System32\drivers\vga.sys
    0xF79C3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79C7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77A7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77BF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA6DB000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB0F2C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0ED3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB0E7C000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
    0xB0E56000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA7A0000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB0E31000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB0DDC000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100805.004\IDSxpx86.sys
    0xB0DB5000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xBA790000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB0D8D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB0D55000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xB0D0B000 \SystemRoot\System32\drivers\afd.sys
    0xBA780000 \SystemRoot\system32\drivers\ip6fw.sys
    0xBA770000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB0C4C000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
    0xF780F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA760000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
    0xB0C21000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA09D000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xB0BB1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA750000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB0B53000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xB0B36000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xB0AB7000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
    0xB0A0B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys
    0xBA730000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA093000 \SystemRoot\System32\Drivers\n558.sys
    0xBA127000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0xB09C8000 \SystemRoot\System32\Drivers\bthport.sys
    0xBA117000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA087000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA720000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA710000 \SystemRoot\system32\drivers\usbaudio.sys
    0xBA07F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0xF772F000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0xB09AF000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA6DF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7747000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AB7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xB045E000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB03BA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB00C1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB0084000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA160000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7A09000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF7797000 \??\C:\WINDOWS\system32\ANIO.SYS
    0xAF915000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAFA50000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAEACA000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAE9D3000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
    0xAE85F000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.002\NAVEX15.SYS
    0xAE84B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.002\NAVENG.SYS
    0xAE5CE000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 66):
    0 System Idle Process
    4 System
    1480 C:\WINDOWS\system32\smss.exe
    1620 csrss.exe
    1644 C:\WINDOWS\system32\winlogon.exe
    1692 C:\WINDOWS\system32\services.exe
    1704 C:\WINDOWS\system32\lsass.exe
    1856 C:\WINDOWS\system32\svchost.exe
    1936 svchost.exe
    2008 C:\WINDOWS\system32\svchost.exe
    124 C:\WINDOWS\system32\svchost.exe
    276 svchost.exe
    420 svchost.exe
    604 C:\WINDOWS\explorer.exe
    652 C:\WINDOWS\system32\spoolsv.exe
    764 svchost.exe
    864 C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    872 C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
    1028 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1092 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1168 C:\Program Files\Bonjour\mDNSResponder.exe
    1192 svchost.exe
    1224 C:\WINDOWS\system32\cisvc.exe
    1340 C:\Program Files\FileZilla Server\FileZilla server.exe
    1500 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    1524 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    1624 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1848 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    1944 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    2044 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    148 C:\Program Files\Input Director\IDWinService.exe
    220 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    308 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    388 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    592 C:\WINDOWS\system32\rundll32.exe
    620 C:\Program Files\Java\jre6\bin\jqs.exe
    692 C:\Program Files\Input Director\InputDirectorSessionHelper.exe
    840 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    972 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    1932 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1816 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    1596 C:\Program Files\iTunes\iTunesHelper.exe
    2056 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2120 C:\WINDOWS\system32\ctfmon.exe
    2136 C:\WINDOWS\system32\nvsvc32.exe
    2144 C:\Program Files\Wing FTP Server\WFTPTray.exe
    2176 C:\Program Files\Golden FTP Server\GFTP.exe
    2188 C:\WINDOWS\system32\HPZipm12.exe
    2280 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2344 C:\WINDOWS\system32\tcpsvcs.exe
    2384 C:\WINDOWS\system32\svchost.exe
    2436 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    2492 C:\Program Files\Wing FTP Server\WFTPServer.exe
    2596 C:\Program Files\zFTPServer\zFTPServer.exe
    2672 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    2684 C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
    2812 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    2824 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    3472 C:\Program Files\iPod\bin\iPodService.exe
    3676 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    1612 alg.exe
    776 C:\WINDOWS\system32\svchost.exe
    2624 C:\Program Files\Mozilla Firefox\firefox.exe
    3372 C:\WINDOWS\system32\cidaemon.exe
    664 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2196 H:\5.Desktop\7.prg icons\2.sort the pc\1.sec\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: Maxtor6Y120P0, Rev: YAR41BW0
    PhysicalDrive1 Model Number: WD2500BEV External, Rev: 1.04

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 34909033E27515C770D5F7C2C533AE73CAE376C1
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 7Dumping \\.\PhysicalDisk7...
    Enter filename to dump to: mbrError opening disk (2)!

    Enter the physical disk number to dump (0-99, -1 to exit): 7Dumping \\.\PhysicalDisk7...
    Enter filename to dump to: ofError opening disk (2)!

    Enter the physical disk number to dump (0-99, -1 to exit): 7Dumping \\.\PhysicalDisk7...
    Enter filename to dump to: pError opening disk (2)!

    Enter the physical disk number to dump (0-99, -1 to exit): 7Dumping \\.\PhysicalDisk7...
    Enter filename to dump to: diskError opening disk (2)!

    Enter the physical disk number to dump (0-99, -1 to exit):

  7. #7
    broni (Senior Member)
    When you're done with posting OTL logs....


    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter.

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.

  8. #8
    Jen11 (Full Member)
    Hi,

    I have divided the OTL file into two parts. Here is the first part.

    OTL logfile created on: 8/11/2010 1:16:54 AM - Run 4
    OTL by OldTimer - Version 3.2.9.1 Folder = H:\5.Desktop\7.prg icons\2.sort the pc\1.sec\v dal
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.49 Gb Total Space | 15.95 Gb Free Space | 20.32% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 232.83 Gb Total Space | 141.94 Gb Free Space | 60.96% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded

    Computer Name: GEMMA-55D251356
    Current User Name: Gemma
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/10 23:52:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\5.Desktop\7.prg icons\2.sort the pc\1.sec\v dal\OTL.exe
    PRC - [2010/07/28 14:01:02 | 005,446,168 | ---- | M] () -- C:\Program Files\Wing FTP Server\WFTPServer.exe
    PRC - [2010/07/28 14:01:02 | 001,182,232 | ---- | M] () -- C:\Program Files\Wing FTP Server\WFTPTray.exe
    PRC - [2010/07/18 22:30:24 | 000,740,864 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
    PRC - [2010/07/15 11:44:52 | 006,201,344 | ---- | M] () -- C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
    PRC - [2010/07/15 11:44:48 | 003,399,168 | ---- | M] () -- C:\Program Files\zFTPServer\zFTPServer.exe
    PRC - [2010/06/17 00:24:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/24 14:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    PRC - [2010/02/17 15:40:50 | 001,710,592 | ---- | M] (KMiNT21 Software) -- C:\Program Files\Golden FTP Server\GFTP.exe
    PRC - [2009/12/22 02:08:39 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
    PRC - [2009/08/11 00:19:08 | 000,132,144 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2009/08/06 19:58:38 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2009/07/10 06:10:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/06/19 13:43:42 | 000,122,880 | ---- | M] () -- C:\Program Files\Input Director\InputDirectorSessionHelper.exe
    PRC - [2009/06/19 13:43:20 | 000,032,768 | ---- | M] () -- C:\Program Files\Input Director\IDWinService.exe
    PRC - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/19 01:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/04/14 16:50:30 | 001,556,480 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2004/08/04 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/10 23:52:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\5.Desktop\7.prg icons\2.sort the pc\1.sec\v dal\OTL.exe
    MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
    MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/04 07:27:02 | 000,141,824 | ---- | M] (JSCAPE) [Auto | Stopped] -- C:\Program Files\JSCAPE Secure FTP Server\server.exe -- (JSCAPE Secure FTP Server)
    SRV - [2010/07/28 14:01:02 | 005,446,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Wing FTP Server\WFTPServer.exe -- (Wing FTP Server)
    SRV - [2010/07/18 22:30:24 | 000,740,864 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
    SRV - [2010/07/15 11:44:48 | 003,399,168 | ---- | M] () [Auto | Running] -- C:\Program Files\zFTPServer\zFTPServer.exe -- (zFTPSvc)
    SRV - [2010/07/06 08:52:14 | 001,859,328 | ---- | M] (Codeorigin, LLC) [On_Demand | Stopped] -- C:\Program Files\SysaxServer\sysaxservd.exe -- (SysaxMultiServer)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/12 1755 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
    SRV - [2010/01/24 01:43:54 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/12/22 02:08:39 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
    SRV - [2009/08/11 00:19:16 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2009/08/11 00:19:08 | 000,132,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2009/08/06 19:58:38 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2009/06/19 13:43:20 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files\Input Director\IDWinService.exe -- (InputDirector)
    SRV - [2008/08/13 17:59:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/01/19 12:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
    SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
    SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2004/08/04 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/08/09 04:48:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/08/08 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/08/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/08/08 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/08/08 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/07/20 00:28:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/06/17 02:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100805.004\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/06 05:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/05/06 05:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2010/05/06 05:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2010/02/04 02:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
    DRV - [2009/10/25 00:20:53 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)
    DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009/07/17 08:23:00 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/06/02 14:55:42 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2005/02/23 21:41:36 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtpaSp50.sys -- (NTPASp50)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 1526 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/07/28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F D6 00 00 22 1C A1 40 BD 84 72 7C 8B 6B 57 BB [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/02/01 14:58:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/10 06:10:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 03:19:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/08/10 01:51:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/08/09 04:49:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 18:27:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 14:32:17 | 000,000,000 | ---D | M]

    [2009/09/10 00:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Extensions
    [2009/09/10 00:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/29 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\2nu3fxdw.99\extensions
    [2010/06/17 01:57:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\2nu3fxdw.99\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\2nu3fxdw.99\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2010/08/10 0030 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\2nu3fxdw.99\extensions\toolbar@ask.com
    [2010/08/10 16:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\4.2\extensions
    [2010/08/10 02:33:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\4.2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\4.2\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2010/08/10 00:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\h36kbknl.Default User\extensions
    [2010/05/04 03:00:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\h36kbknl.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\h36kbknl.Default User\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2010/08/01 16:34:09 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\h36kbknl.Default User\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2010/08/01 17:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\h36kbknl.Default User\extensions\toolbar@ubernote.com
    [2010/08/01 04:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\ikq2ovy6.Default User2\extensions
    [2010/05/19 20:31:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\ikq2ovy6.Default User2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\ikq2ovy6.Default User2\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2010/07/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions
    [2009/08/07 02:22:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2009/09/02 23:20:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2009/04/25 21:12:43 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
    [2009/08/31 23:24:17 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
    [2010/01/22 19:33:45 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2010/01/31 14:27:06 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
    [2010/02/23 10:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\foxyproxy@eric.h.jung
    [2009/08/09 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\Proxybar@Proxy
    [2008/11/28 11:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\ServerSpy@jacquet.eu.org
    [2008/11/28 11:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\q6jka1uk.default\extensions\toolbar_extras@uk.yahoo.com
    [2010/07/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\tk1cch0c.Default User\extensions
    [2009/11/15 19:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\tk1cch0c.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 20:08:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\tk1cch0c.Default User\extensions\{658f94a3-b232-4cd4-9d14-4d83897c2439}
    [2009/11/15 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mozilla\Firefox\Profiles\tk1cch0c.Default User\extensions\staged-xpis
    [2010/08/10 16:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/09 0312 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/08 16:31:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/01/22 19:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\toolbar@naturalreaders.com
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/02/21 23:45:07 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
    [2010/03/27 20:28:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/27 20:28:40 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/27 20:28:40 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/27 20:28:40 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml


    O1 HOSTS File: ([2010/06/12 16:57:40 | 000,001,254 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 Registration
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 192.150.18.108
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
    O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files\AliveMedia\Text to Speech\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
    O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead Movie Wizard 3.2 SE VCD\uvPL.exe (Ulead Systems, Inc.)
    O4 - HKCU..\Run: [EPSON S21 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [GoldenFTPserver] C:\Program Files\Golden FTP Server\GFTP.exe (KMiNT21 Software)
    O4 - HKCU..\Run: [WingFTPTray] C:\Program Files\Wing FTP Server\WFTPTray.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O8 - Extra context menu item: Read aloud by SpeakText - C:\Program Files\speaktext\IESpeak.htm ()
    O8 - Extra context menu item: Stop SpeakText reading aloud - C:\Program Files\speaktext\IEStop.htm ()
    O9 - Extra Button: Read aloud by SpeakText - {03B5D444-9D5C-4361-aaB5-F81F37F0F704} - C:\Program Files\speaktext\IESpeak.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra Button: Select Voice - {489BD066-48C3-4C2B-92a6-9311462429F3} - C:\Program Files\speaktext\IEChangVoice.htm ()
    O9 - Extra Button: Pause Or Resume Reading aloud - {6F193B8E-2aD2-44CE-93a7-DB3E042589ED} - C:\Program Files\speaktext\IEPause.htm ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Stop SpeakText reading aloud - {C14815F2-50BC-4F98-8D78-401BCC828a5F} - C:\Program Files\speaktext\IEStop.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {0C71BDAA-5B30-4E12-A317-D225FEB9A068} http://192.168.1.10/AxViewer/AxVideoView.cab (AxVideoView Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} http://192.168.1.11/RtspVaPgDec.cab (RtspVaPgCtrl Class)
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/ca...ail/DASAct.cab (DASWebDownload Class)
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://192.168.1.253/bl_camera.cab (Bl_camera Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\Program Files\Article Content Spinner\DLL\mshtml.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/13 1720 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - H:\AUTORUN.FCB -- [ FAT32 ]
    O32 - AutoRun File - [2010/06/10 12:30:50 | 000,000,090 | ---- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
    O33 - MountPoints2\{0f865ad2-6f03-11dd-a871-000cf1d1f395}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f865ad2-6f03-11dd-a871-000cf1d1f395}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0f865ad2-6f03-11dd-a871-000cf1d1f395}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0f865ad3-6f03-11dd-a871-000cf1d1f395}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f865ad3-6f03-11dd-a871-000cf1d1f395}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0f865ad3-6f03-11dd-a871-000cf1d1f395}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0fc56992-ca07-11de-b30c-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fc56992-ca07-11de-b30c-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0fc56992-ca07-11de-b30c-00179ac0b8ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0fc56993-ca07-11de-b30c-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fc56993-ca07-11de-b30c-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0fc56993-ca07-11de-b30c-00179ac0b8ee}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{2fd44ec5-6955-11dd-a85b-a10ac0f9cac1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2fd44ec5-6955-11dd-a85b-a10ac0f9cac1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2fd44ec5-6955-11dd-a85b-a10ac0f9cac1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{2fd44ec8-6955-11dd-a85b-a10ac0f9cac1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2fd44ec8-6955-11dd-a85b-a10ac0f9cac1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2fd44ec8-6955-11dd-a85b-a10ac0f9cac1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3181a282-d564-11de-b32c-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{3181a282-d564-11de-b32c-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3181a282-d564-11de-b32c-00179ac0b8ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3181a283-d564-11de-b32c-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{3181a283-d564-11de-b32c-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3181a283-d564-11de-b32c-00179ac0b8ee}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3b892d20-da1c-11de-b32e-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b892d20-da1c-11de-b32e-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3b892d20-da1c-11de-b32e-00179ac0b8ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3b892d21-da1c-11de-b32e-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b892d21-da1c-11de-b32e-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3b892d21-da1c-11de-b32e-00179ac0b8ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{a1247677-1f5e-11df-b3a4-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1247677-1f5e-11df-b3a4-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a1247677-1f5e-11df-b3a4-00179ac0b8ee}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{c5388e90-7538-11de-b2a6-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5388e90-7538-11de-b2a6-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c5388e90-7538-11de-b2a6-00179ac0b8ee}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{c5388e93-7538-11de-b2a6-00179ac0b8ee}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5388e93-7538-11de-b2a6-00179ac0b8ee}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c5388e93-7538-11de-b2a6-00179ac0b8ee}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

  9. #9
    Jen11 is offline Full Member
    Here is the second part of the OTL file.



    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/11 01:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/08/11 00:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Desktop\New Folder
    [2010/08/10 01:15:51 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2010/08/09 09:17:28 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
    [2010/08/09 09:17:28 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
    [2010/08/09 09:17:27 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.sys
    [2010/08/09 09:17:27 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
    [2010/08/09 09:17:27 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
    [2010/08/09 09:17:27 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
    [2010/08/09 09:17:26 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.sys
    [2010/08/09 09:17:26 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
    [2010/08/09 09:16:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
    [2010/08/09 04:48:11 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/08/09 04:48:11 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/08/09 04:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2010/08/09 04:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/08/09 04:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/08/09 04:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/08/09 04:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
    [2010/08/07 17:18:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/08/07 05:37:04 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010/08/07 05:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010/08/07 05:35:46 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
    [2010/08/07 05:35:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
    [2010/08/07 05:35:44 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
    [2010/08/07 05:35:42 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
    [2010/08/07 05:35:42 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
    [2010/08/07 05:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/08/07 05:02:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Globalization
    [2010/08/07 05:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2010/08/06 06:45:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gemma\Desktop\recent files
    [2010/08/06 05:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Application Data\zFTPServer Suite
    [2010/08/06 05:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\zFTPServer Administration
    [2010/08/06 05:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\zFTPServer
    [2010/08/06 05:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\embedded
    [2010/08/06 05:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Xlight
    [2010/08/06 05:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Golden FTP Server
    [2010/08/06 05:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Golden FTP Server
    [2010/08/06 05:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\SysaxServer
    [2010/08/06 05:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Codeorigin
    [2010/08/06 05:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Wing FTP Server
    [2010/08/06 05:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\JSCAPE Secure FTP Server Backup
    [2010/08/06 05:03:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gemma\Desktop\ftp srvrs-7
    [2010/08/06 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\JSCAPE Secure FTP Server
    [2010/08/01 18:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Local Settings\Application Data\Opera
    [2010/08/01 18:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/07/30 17:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Local Settings\Application Data\AskToolbar
    [2010/07/29 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/07/28 20:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla Server
    [2010/07/28 20:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
    [2010/07/28 16:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Application Data\FileZilla
    [2010/07/27 14:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/27 14:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/27 14:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/27 14:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/07/25 01:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConvMonk
    [2010/07/22 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\My Documents\art
    [2010/07/21 22:41:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gemma\Desktop\1.p e lib-25.985
    [2010/06/17 18:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Desktop\captivt tst
    [2010/06/13 20:05:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
    [2010/06/12 22:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gemma\Desktop\captivate
    [2010/06/12 20:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
    [2010/06/12 17:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Application Data\adobe.captivate.swfcomment.AdobeCaptivateReviewer.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/12 17:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\My Documents\My Adobe Captivate Projects
    [2010/06/09 13:16:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/06/09 09:10:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\konasys32
    [2010/06/08 15:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Digital
    [2010/06/08 15:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\TSM
    [2010/05/28 06:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2010/05/23 04:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\My Documents\Website Ripper Copier
    [2010/05/23 04:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tensons
    [2010/05/23 03:44:21 | 000,000,000 | ---D | C] -- C:\q1
    [2010/05/23 03:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
    [2010/05/23 03:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\My Documents\Microsys
    [2010/05/23 03:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Application Data\Microsys
    [2010/05/23 03:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsys
    [2010/05/21 19:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\Local Settings\Application Data\Mendeley Ltd
    [2010/05/21 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mendeley Desktop
    [2010/05/21 02:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gemma\My Documents\My Downloads
    [2010/05/21 01:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\WebCopier Pro
    [1 C:\Documents and Settings\Gemma\Desktop\*.tmp files -> C:\Documents and Settings\Gemma\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Gemma\*.tmp files -> C:\Documents and Settings\Gemma\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/11 01:15:07 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{2F495121-1D97-4B9A-B89E-0A662D32EBC9}
    [2010/08/11 01:12:08 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/08/11 01:11:26 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
    [2010/08/11 01:11:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/11 01:10:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/11 01:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/11 01:10:28 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/11 01:09:39 | 017,039,360 | ---- | M] () -- C:\Documents and Settings\Gemma\ntuser.dat
    [2010/08/11 01:09:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gemma\ntuser.ini
    [2010/08/11 01:09:24 | 009,185,864 | -H-- | M] () -- C:\Documents and Settings\Gemma\Local Settings\Application Data\IconCache.db
    [2010/08/11 01:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/08/11 00:29:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/10 18:33:58 | 000,666,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/08/10 18:06:37 | 002,279,478 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\1.jpg
    [2010/08/10 14:19:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/10 03:30:23 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/10 01:14:06 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/08/09 04:48:11 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/08/09 04:48:11 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/08/09 04:48:11 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/08/09 04:48:11 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/08/08 21:15:51 | 000,060,000 | ---- | M] () -- C:\Documents and Settings\Gemma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/08 21:13:55 | 001,581,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/07 19:20:20 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Paint.lnk
    [2010/08/07 17:19:47 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/07 17:19:47 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/07 14:54:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/08/07 14:45:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/08/07 14:45:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/08/07 05:45:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    [2010/08/07 05:45:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/07 05:45:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/08/07 05:11:27 | 000,533,562 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/06 05:57:44 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\zFTPServer Administration.lnk
    [2010/08/06 05:34:36 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Wing FTP Server Admin.lnk
    [2010/08/05 04:31:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/05 00:26:13 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\ABBYY FineReader 10 Professional Edition.lnk
    [2010/08/01 19:47:45 | 000,010,856 | ---- | M] () -- C:\WINDOWS\ips.INI
    [2010/08/01 18:52:34 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/08/01 18:52:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/07/29 21:15:43 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    [2010/07/29 20:48:08 | 000,004,040 | -HS- | M] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976P.manifest
    [2010/07/29 15:58:26 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976S.manifest
    [2010/07/29 1521 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976O.manifest
    [2010/07/29 1521 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976C.manifest
    [2010/07/29 14:41:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/07/28 20:18:49 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
    [2010/07/27 14:32:00 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/25 01:50:22 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Convert.lnk
    [2010/07/25 01:29:20 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Convert Monkey.lnk
    [2010/07/25 01:29:19 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Convert Monkey.lnk
    [2010/06/29 21:26:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/17 17:01:46 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Skype.lnk
    [2010/06/13 20:15:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/13 1903 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{D3D12142-AF8A-48D9-9D85-C01570AA3554}
    [2010/06/12 23:08:32 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Gemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/12 16:57:40 | 000,001,254 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/09 18:29:41 | 000,000,954 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/06/08 22:24:59 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\eBay Services Currency Converter.url
    [2010/06/08 1750 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Mail.url
    [2010/06/08 15:40:59 | 000,167,096 | ---- | M] () -- C:\WINDOWS\Intelligent IP Installer Uninstaller.exe
    [2010/05/23 0658 | 000,001,349 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to 1.sec.lnk
    [2010/05/23 0627 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to additional how to content.lnk
    [2010/05/23 06:20:03 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to 2.16 langs.lnk
    [2010/05/23 06:18:23 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to 6.pictures.lnk
    [2010/05/23 06:17:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to nw music.lnk
    [2010/05/23 06:16:14 | 000,001,192 | ---- | M] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to 16.Radio.lnk
    [2010/05/23 04:19:07 | 000,005,049 | ---- | M] () -- C:\index.html
    [2010/05/23 04:19:07 | 000,004,243 | ---- | M] () -- C:\backblue.gif
    [2010/05/23 04:19:07 | 000,000,828 | ---- | M] () -- C:\fade.gif
    [2010/05/23 04:06:37 | 000,000,000 | ---- | M] () -- C:\q1.whtt
    [2010/05/21 19:49:42 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mendeley Desktop.lnk
    [2010/05/14 07:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [1 C:\Documents and Settings\Gemma\Desktop\*.tmp files -> C:\Documents and Settings\Gemma\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Gemma\*.tmp files -> C:\Documents and Settings\Gemma\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/10 18:06:36 | 002,279,478 | ---- | C] () -- C:\Documents and Settings\Gemma\Desktop\1.jpg
    [2010/08/10 01:11:47 | 000,666,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
    [2010/08/09 09:17:28 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
    [2010/08/09 09:17:28 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
    [2010/08/09 09:17:28 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
    [2010/08/09 09:17:28 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
    [2010/08/09 09:17:27 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
    [2010/08/09 09:17:27 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
    [2010/08/09 09:17:27 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
    [2010/08/09 09:17:27 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
    [2010/08/09 09:17:27 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
    [2010/08/09 09:17:27 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.inf
    [2010/08/09 09:17:27 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
    [2010/08/09 09:17:27 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
    [2010/08/09 09:17:26 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
    [2010/08/09 09:17:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
    [2010/08/09 09:17:25 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.cat
    [2010/08/09 09:17:25 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.inf
    [2010/08/09 09:16:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
    [2010/08/09 04:48:11 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/08/09 04:48:11 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/08/09 04:47:56 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/08/07 19:20:17 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Gemma\Desktop\Paint.lnk
    [2010/08/07 14:54:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/08/07 14:45:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/08/07 14:45:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/08/07 05:45:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    [2010/08/07 05:45:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/08/07 05:04:59 | 000,417,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/06 05:57:44 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\zFTPServer Administration.lnk
    [2010/08/06 05:34:36 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Wing FTP Server Admin.lnk
    [2010/08/01 19:43:25 | 000,010,856 | ---- | C] () -- C:\WINDOWS\ips.INI
    [2010/08/01 18:52:34 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/08/01 18:52:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/07/29 21:15:43 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Gemma\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    [2010/07/29 21:14:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/07/29 15:54:15 | 000,004,040 | -HS- | C] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976P.manifest
    [2010/07/29 15:54:15 | 000,000,138 | -HS- | C] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976O.manifest
    [2010/07/29 15:54:15 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976C.manifest
    [2010/07/29 15:54:15 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Gemma\Application Data\02000000c76e0718976S.manifest
    [2010/07/28 20:18:49 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
    [2010/07/27 14:41:25 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/27 14:32:00 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/25 01:29:20 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Convert Monkey.lnk
    [2010/07/25 01:29:19 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Gemma\Desktop\Convert Monkey.lnk
    [2010/06/13 20:58:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/10 21:18:23 | 000,002,257 | ---- | C] () -- C:\Documents and Settings\Gemma\Desktop\Skype.lnk
    [2010/06/09 18:29:28 | 000,000,954 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/06/08 15:40:58 | 000,167,096 | ---- | C] () -- C:\WINDOWS\Intelligent IP Installer Uninstaller.exe
    [2010/06/08 14:24:12 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/06/08 14:24:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/05/23 04:19:07 | 000,005,049 | ---- | C] () -- C:\index.html
    [2010/05/23 04:19:07 | 000,004,243 | ---- | C] () -- C:\backblue.gif
    [2010/05/23 04:19:07 | 000,000,828 | ---- | C] () -- C:\fade.gif
    [2010/05/23 03:45:34 | 000,000,000 | ---- | C] () -- C:\q1.whtt
    [2010/05/21 19:49:42 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mendeley Desktop.lnk
    [2010/05/19 18:50:26 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Gemma\.log
    [2010/05/19 01:58:44 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\Gemma\Desktop\Shortcut to additional how to content.lnk
    [2010/05/18 19:08:18 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw8b.bin
    [2010/02/20 04:32:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2010/02/19 22:17:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/02/19 13:48:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V30V300DEFGIPSRUk.ini
    [2010/02/16 16:37:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/01/31 22:49:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI
    [2010/01/22 22:36:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\speaktext32.dll
    [2010/01/15 00:51:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2010/01/15 00:51:09 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2010/01/15 00:51:09 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2009/10/25 00:45:31 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\QVPMON.INI
    [2009/06/24 12:12:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/06/24 12:12:31 | 000,655,872 | ---- | C] () -- C:\WINDOWS\System32\xviddll.dll
    [2009/06/24 12:12:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/05/12 14:44:02 | 000,000,587 | ---- | C] () -- C:\WINDOWS\System32\AcaTTS.ini
    [2009/03/11 15:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_lfolqn319.ini
    [2009/02/21 23:45:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/21 22:51:28 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/02/21 21:53:30 | 000,000,324 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
    [2009/01/23 09:58:58 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2009/01/23 09:58:58 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
    [2009/01/20 05:55:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/01/19 11:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2009/01/06 17:22:52 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\qsysd.dll
    [2008/11/13 19:55:59 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/10/29 16:11:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2008/10/27 19:38:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/10/06 21:54:34 | 000,000,065 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
    [2008/08/13 17:52:22 | 000,000,184 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/02/29 05:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
    [2007/11/09 14:53:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AcaTtsSapi5.dll
    [2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/08/15 08:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2006/04/12 10:29:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\Upgrade.dll
    [2006/01/20 11:12:16 | 000,340,026 | R--- | C] () -- C:\WINDOWS\System32\LIBBZ2.dll
    [2006/01/12 17:47:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\clkwise.dll
    [2005/08/31 10:25:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DICTDLL.dll
    [2004/02/28 06:30:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TrustSupport.dll
    [2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [1998/05/06 09:19:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

    ========== LOP Check ==========

    [2008/08/13 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/08/06 05:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codeorigin
    [2010/02/16 16:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/02/21 23:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2010/08/06 05:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Golden FTP Server
    [2010/08/07 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/06/11 22:43:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\konasys32
    [2009/03/11 15:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
    [2010/01/22 10:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NaturalSoft
    [2009/12/04 23:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/08/07 05:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/08/07 05:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2008/10/05 04:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2009/08/23 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
    [2010/02/05 1707 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2010/01/14 07:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/09/03 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/04/15 02:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2009/02/01 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2008/10/05 04:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/08/13 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2009/08/19 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tcpIQ
    [2010/08/09 14:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/05/03 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/10/25 00:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/11/04 13:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/17 16:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/07/27 14:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/27 15:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/09 03:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    [2009/04/21 14:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/01/22 10:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Acapela Group
    [2010/06/12 20:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
    [2010/04/05 03:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
    [2009/08/18 20:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Canneverbe_Limited
    [2009/10/25 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\CASIO
    [2008/11/04 18:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/02/19 22:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Desktopicon
    [2010/02/24 05:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\EPSON
    [2010/08/05 00:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\FileZilla
    [2009/02/21 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\FLVPlayer4Free
    [2010/02/24 06:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\GrabPro
    [2009/08/19 21:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\IObit
    [2010/01/24 04:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\iPodder
    [2008/08/13 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Leadertech
    [2010/08/11 01:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\LimeWire
    [2010/05/23 03:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Microsys
    [2010/04/02 20:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Mobipocket
    [2010/08/07 17:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Nokia
    [2008/10/05 04:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Nuance
    [2009/07/13 07:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\OpenOffice.org
    [2010/08/01 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Opera
    [2010/02/07 22:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Orbit
    [2010/04/07 13:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\PC Suite
    [2010/01/24 07:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\podAmigo
    [2010/01/31 22:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Smart PDF Converter Pro
    [2010/02/07 02:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Transparent
    [2009/10/25 01:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Ulead Systems
    [2010/06/10 1859 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\Uniblue
    [2010/08/06 05:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemma\Application Data\zFTPServer Suite
    [2010/08/11 01:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/08/13 1720 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/05/23 04:19:07 | 000,004,243 | ---- | M] () -- C:\backblue.gif
    [2009/02/11 13:43:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2009/02/11 11:45:59 | 000,000,000 | RHS- | M] () -- C:\config.sys
    [2010/05/23 04:19:07 | 000,000,828 | ---- | M] () -- C:\fade.gif
    [2010/08/11 01:10:28 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/23 04:19:07 | 000,005,049 | ---- | M] () -- C:\index.html
    [2008/08/13 1720 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/08/13 1720 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/29 14:46:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/11 01:10:25 | 2146,414,592 | -HS- | M] () -- C:\pagefile.sys
    [2009/10/25 00:20:44 | 000,000,186 | ---- | M] () -- C:\picsetup.log
    [2010/05/23 04:06:37 | 000,000,000 | ---- | M] () -- C:\q1.whtt
    [2010/01/24 00:06:10 | 000,000,000 | ---- | M] () -- C:\sts
    [2010/08/06 06:42:25 | 000,000,387 | ---- | M] () -- C:\sysaxservd.log
    [2010/02/06 15:44:51 | 000,000,839 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/08/13 17:59:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/08/13 17:59:51 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/08/13 17:59:51 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0wFg8Fyer >
    Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0wFg8Fyer

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14DAD114
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F39681F
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:223BB3A1

    < End of report >

  10. #10
    Jen11 is offline Full Member
    Hi,

    I ran the MBR Check again following the instructions.
    Here is the Log before reboot.
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000008d

    Kernel Drivers (total 147):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF7717000 cercsr6.sys
    0xF74A8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7488000 fltmgr.sys
    0xF7432000 SYMDS.SYS
    0xF7420000 sr.sys
    0xF786A000 SYMEFA.SYS
    0xF7647000 PxHelp20.sys
    0xF789B000 PzWDM.sys
    0xF7409000 KSecDD.sys
    0xF7853000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF795A000 NDIS.sys
    0xF7839000 Mup.sys
    0xF7657000 agp440.sys
    0xF792B000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA59F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xBA58B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xBA567000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF775F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA533000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xBA510000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA411000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xBA36A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7777000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA342000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA32E000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF77A7000 \SystemRoot\system32\drivers\Afc.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF77BF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA2EE000 \SystemRoot\system32\drivers\smwdm.sys
    0xBA2CA000 \SystemRoot\system32\drivers\portcls.sys
    0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
    0xBA217000 \SystemRoot\system32\drivers\senfilt.sys
    0xF7AB2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA14F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0xF7999000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF772F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\SymIM.sys
    0xF799F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA0A1000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7D8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7537000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7527000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79AB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7747000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A85000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B3000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF777F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF778F000 \SystemRoot\System32\drivers\vga.sys
    0xF79B7000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77AF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77C7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA6E3000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB0F2C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0ED3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB0E7C000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
    0xB0E56000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF74F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB0E31000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB0DDC000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100809.001\IDSxpx86.sys
    0xB0DB5000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xBA7A0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB0D8D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB0D55000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xB0D0B000 \SystemRoot\System32\drivers\afd.sys
    0xBA790000 \SystemRoot\system32\drivers\ip6fw.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA780000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB0C4C000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
    0xB0BD7000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
    0xBA770000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
    0xB0BAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA09A000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xB0B3C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA760000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB0ADE000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xB0AC1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xB0A42000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
    0xB0996000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys
    0xBA740000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA10F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA08F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA730000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA720000 \SystemRoot\system32\drivers\usbaudio.sys
    0xBA087000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA7CC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7737000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A56000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xB0535000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB03F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB0198000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF798D000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF779F000 \??\C:\WINDOWS\system32\ANIO.SYS
    0xAFD81000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAFF78000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAF708000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
    0xAF5BC000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100811.002\NAVEX15.SYS
    0xAF5A8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100811.002\NAVENG.SYS
    0xAF517000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAF4B2000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA170000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAE293000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    1864 C:\WINDOWS\system32\smss.exe
    1912 csrss.exe
    1936 C:\WINDOWS\system32\winlogon.exe
    1984 C:\WINDOWS\system32\services.exe
    1996 C:\WINDOWS\system32\lsass.exe
    240 C:\WINDOWS\system32\svchost.exe
    340 svchost.exe
    400 C:\WINDOWS\system32\svchost.exe
    440 C:\WINDOWS\system32\svchost.exe
    568 svchost.exe
    772 svchost.exe
    1080 C:\WINDOWS\system32\spoolsv.exe
    1280 svchost.exe
    1316 C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
    1440 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1616 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1632 C:\Program Files\Bonjour\mDNSResponder.exe
    1656 svchost.exe
    1800 C:\WINDOWS\system32\cisvc.exe
    1840 C:\Program Files\FileZilla Server\FileZilla server.exe
    1116 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    1216 C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    1288 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    1344 C:\Program Files\Input Director\IDWinService.exe
    1388 C:\Program Files\Input Director\InputDirectorSessionHelper.exe
    1384 C:\Program Files\Java\jre6\bin\jqs.exe
    1504 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1572 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    1628 C:\WINDOWS\system32\nvsvc32.exe
    1664 C:\WINDOWS\system32\HPZipm12.exe
    1700 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    704 C:\WINDOWS\system32\tcpsvcs.exe
    1772 C:\WINDOWS\system32\svchost.exe
    1680 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    1884 C:\Program Files\Wing FTP Server\WFTPServer.exe
    608 C:\Program Files\zFTPServer\zFTPServer.exe
    3432 alg.exe
    2888 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    3028 C:\WINDOWS\explorer.exe
    3632 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3752 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3868 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    3904 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    3972 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    640 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1988 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    2336 C:\WINDOWS\system32\rundll32.exe
    2424 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2712 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3876 C:\Program Files\iTunes\iTunesHelper.exe
    1888 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    952 C:\WINDOWS\system32\ctfmon.exe
    2228 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    900 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    3536 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    1020 C:\Program Files\iPod\bin\iPodService.exe
    2732 C:\WINDOWS\system32\cidaemon.exe
    3560 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3980 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    2836 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    4076 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    4072 H:\5.Desktop\7.prg icons\2.sort the pc\1.sec\v dal\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: Maxtor6Y120P0, Rev: YAR41BW0
    PhysicalDrive1 Model Number: WD2500BEV External, Rev: 1.04

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 34909033E27515C770D5F7C2C533AE73CAE376C1
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
