OTL Extras logfile created on: 5/7/2010 7:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
995.00 Mb Paging File | 336.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.59 Gb Total Space | 8.97 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 17.60 Gb Free Space | 89.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 953.19 Mb Total Space | 510.20 Mb Free Space | 53.53% Space Free | Partition Type: FAT
Drive G: | 476.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KENNETH
Current User Name: ram
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\ram\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\ram\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Registry Easy\RE.exe" = C:\Program Files\Registry Easy\RE.exe:*:Enabled:Registry Easy -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitZipper_is1" = BitZipper 2010
"DHCP Turbo" = DHCP Turbo
"ERUNT_is1" = ERUNT 1.1j
"Garena" = Garena
"ie8" = Windows Internet Explorer 8
"LAN On Internet Pro_is1" = LAN On Internet Pro Beta
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RegDefense" = RegDefense
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"Spyware Doctor" = Spyware Doctor 6.0
"Tiny DHCP Server" = Tiny DHCP Server
"ToggleEN Toolbar" = ToggleEN Toolbar
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Warkeys" = Warkeys 1.16.0.0b
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/31/2001 12:03:58 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 12/31/2001 12:03:59 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 12/31/2001 12:04:01 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 12/31/2001 9:11:10 PM | Computer Name = PC-RAM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 10/3/2009 3:05:22 AM | Computer Name = PC-RAM | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00066668.
Error - 10/3/2009 5:09:40 AM | Computer Name = PC-RAM | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/4/2009 1:48:41 AM | Computer Name = PC-RAM | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/4/2009 7:52:44 AM | Computer Name = PC-RAM | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x0001fd2f.
[ System Events ]
Error - 5/7/2010 7:37:56 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/7/2010 7:37:56 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/7/2010 7:38:08 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7000
Description = The Dr.Web Scanning Engine (DrWebEngine) service failed to start due
to the following error: %%3
Error - 5/7/2010 7:38:11 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 5/7/2010 7:38:11 AM | Computer Name = KENNETH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/7/2010 7:39:03 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
epfwtdi
Error - 5/7/2010 7:45:01 AM | Computer Name = KENNETH | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 5/7/2010 7:45:01 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
Error - 5/7/2010 7:46:39 AM | Computer Name = KENNETH | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 5/7/2010 7:46:40 AM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
[ TuneUp Events ]
Error - 7/7/2009 9:40:13 PM | Computer Name = PC-RAM | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 7/17/2009 10:13:04 PM | Computer Name = PC-RAM | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
Log for OTL(OTL.txt):
OTL logfile created on: 5/7/2010 7:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
995.00 Mb Paging File | 336.00 Mb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.59 Gb Total Space | 8.97 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive D: | 19.67 Gb Total Space | 17.60 Gb Free Space | 89.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 953.19 Mb Total Space | 510.20 Mb Free Space | 53.53% Space Free | Partition Type: FAT
Drive G: | 476.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KENNETH
Current User Name: ram
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/06 19:33:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/05/04 20:16:13 | 000,094,208 | ---- | M] () -- C:\Program Files\Tiny DHCP Server\dhcpsrv.exe
PRC - [2010/04/02 08:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/19 02:32:36 | 000,106,608 | ---- | M] () -- C:\Program Files\RegDefense\RDFNSListener.exe
PRC - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 13:33:48 | 001,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/07/28 17:28:12 | 000,575,488 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
========== Modules (SafeList) ==========
MOD - [2010/05/06 19:33:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/02/13 14:11:44 | 000,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/11/13 14:19:40 | 000,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - File not found [Auto | Stopped] -- -- (DHCP Turbo)
SRV - [2010/05/04 20:16:13 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\Tiny DHCP Server\dhcpsrv.exe -- (Tiny DHCP Server service)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
========== Driver Services (SafeList) ==========
DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/02/18 07:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/18 07:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 07:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/06 16:36:30 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2004/08/04 06:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/02/26 16:04:00 | 000,370,048 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.22
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..keyword.URL: "http://www.fastbrows...1FBD63B249}&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 14:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/03 23:44:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/02/05 11:08:08 | 000,000,000 | ---D | M]
[2009/08/21 12:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Extensions
[2010/04/27 01:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions
[2010/02/05 13:19:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/05 13:55:48 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/02/06 00:05:17 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/08/24 20:25:02 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/09/23 00:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\extensions\[email protected]
[2010/03/16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\searchplugins\conduit.xml
[2009/08/21 17:34:34 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\ram\Application Data\Mozilla\Firefox\Profiles\jinq03nn.default\searchplugins\mywebsearch.xml
[2002/01/01 00:17:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2002/01/01 00:18:43 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2002/01/01 00:18:43 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
O1 HOSTS File: ([2010/05/03 12:23:15 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O2 - BHO: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RDFNSListener] C:\Program Files\RegDefense\RDFNSListener.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Documents and Settings\ram\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\ram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 11:03:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/21 06:36:27 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O32 - AutoRun File - [2004/03/01 18:50:00 | 000,000,145 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Play.exe -- [2002/04/18 11:40:08 | 000,045,056 | R--- | M] (Riverdeep Interactive Learning Limited)
O33 - MountPoints2\G\Shell\install\command - "" = G:\INSTALL\_Setup.exe -- [1999/01/11 00:40:20 | 000,073,728 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/07 19:39:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 90 Days ==========
[2010/05/07 19:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/06 21:02:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 21:02:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 21:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 20:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/06 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/06 20:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/04 20:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ToggleEN
[2010/05/04 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Tiny DHCP Server
[2010/05/04 20:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tiny DHCP Server
[2010/05/02 21:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/04/30 20:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/30 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/29 21:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/04/29 20:21:14 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 20:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\DHCP Turbo
[2010/04/28 23:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/04/28 23:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/28 23:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/28 23:57:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/28 23:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/28 23:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/28 23:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/28 23:35:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/28 23:05:47 | 000,000,000 | ---D | C] -- C:\temp
[2010/04/28 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegDefense
[2010/04/26 16:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/25 01:18:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ram\My Documents\My Pictures
[2010/04/25 00:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/04/22 22:58:48 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/04/22 06:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2010/04/22 06:57:25 | 000,032,768 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\ilannsp.dll
[2010/04/22 06:57:24 | 000,153,088 | ---- | C] (CrowSoft) -- C:\WINDOWS\System32\LOILSP.dll
[2010/04/22 06:57:23 | 000,239,616 | ---- | C] (Crow-soft) -- C:\WINDOWS\System32\LANoiService.exe
[2010/04/22 06:47:15 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\winsockfix.exe
[2010/04/20 14:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/20 14:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ram\Application Data\SUPERAntiSpyware.com
[2010/04/20 14:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/24 20:33:50 | 000,055,232 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
========== Files - Modified Within 90 Days ==========
[2010/05/07 19:49:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E01470E-21CB-4047-980C-4DC584995042}.job
[2010/05/07 19:41:53 | 000,000,474 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
[2010/05/07 19:35:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 19:34:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 16:07:24 | 002,106,738 | -H-- | M] () -- C:\Documents and Settings\ram\Local Settings\Application Data\IconCache.db
[2010/05/07 00:50:10 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\ram\NTUSER.DAT
[2010/05/07 00:50:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ram\ntuser.ini
[2010/05/06 21:02:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:54:24 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\NTREGOPT.lnk
[2010/05/06 20:54:24 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\ERUNT.lnk
[2010/05/06 20:28:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 23:07:01 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/04 20:16:14 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\Tiny DHCP Server.lnk
[2010/05/03 20:46:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/03 20:25:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 12:35:08 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\&Run....lnk
[2010/05/03 12:23:15 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/02 21:53:33 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\ram\xtt
[2010/05/02 21:16:59 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\XP TCPIP Repair.lnk
[2010/05/02 13:55:23 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\.bat
[2010/04/30 19:51:56 | 000,000,889 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 20:20:12 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 19:54:15 | 000,507,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:54:15 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 19:54:15 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 17:02:08 | 000,042,944 | ---- | M] () -- C:\Documents and Settings\ram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 06:26:08 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\WindowsXP-KB942288-v3-x86.exe
[2010/04/29 00:10:23 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 23:42:45 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/04/28 23:13:59 | 000,000,369 | -HS- | M] () -- C:\boot.ini
[2010/04/28 19:22:56 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/28 14:06:28 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\RegDefense.lnk
[2010/04/26 16:04:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 15:53:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IntIgn0xF28456.dat
[2010/04/25 01:22:18 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\ram\Desktop\Shortcut to RegistryBooster.lnk
[2010/04/25 01:09:32 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/25 01:08:07 | 000,000,000 | RHS- | M] () -- C:\khq
[2010/04/25 01:06:14 | 000,000,990 | RHS- | M] () -- C:\Documents and Settings\ram\ntuser.pol
[2010/04/24 23:33:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2010/04/21 09:47:44 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\winsockfix.exe
[2010/04/20 14:34:32 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/04/20 14:25:53 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/03/11 15:17:42 | 000,185,835 | ---- | M] () -- C:\shldr
========== Files Created - No Company Name ==========
[2010/05/07 19:41:53 | 000,000,474 | ---- | C] () -- C:\Shortcut to Shared Documents.lnk
[2010/05/06 21:02:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:54:24 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\NTREGOPT.lnk
[2010/05/06 20:54:24 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\ERUNT.lnk
[2010/05/04 20:16:14 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\Tiny DHCP Server.lnk
[2010/05/04 18:25:33 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\ram\reset.txt
[2010/05/03 20:19:02 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/03 20:19:02 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/03 20:19:02 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/03 20:19:02 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/03 20:19:01 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/03 20:19:01 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/03 20:19:01 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/03 20:19:00 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/03 20:19:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/03 20:19:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/03 20:19:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/03 20:19:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/03 20:19:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/03 20:19:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/03 20:18:59 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/05/03 20:18:58 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/03 20:18:58 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/03 20:18:58 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/03 20:18:58 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/03 20:18:58 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/03 20:18:58 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/03 20:18:58 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/03 20:18:57 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/03 20:18:57 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/03 20:18:57 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/03 20:18:57 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/03 20:18:57 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/03 20:18:57 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/03 20:18:57 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/03 20:18:57 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/03 20:18:57 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/03 20:18:57 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/03 20:18:57 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/03 20:18:57 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/03 20:18:57 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/03 20:18:57 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/03 20:18:57 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/03 20:18:56 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/03 20:18:56 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/03 20:18:56 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/05/03 20:18:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/03 20:18:56 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/03 20:18:56 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/03 20:18:56 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/05/03 20:18:56 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/05/03 20:18:56 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/03 20:18:56 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/05/03 20:18:55 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/03 20:18:55 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/03 20:18:55 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/05/03 20:18:55 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/05/03 20:18:55 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/05/03 20:18:55 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/05/03 20:18:55 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/05/03 20:18:55 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/05/03 20:18:55 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/05/03 20:18:55 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/05/03 20:18:55 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/05/03 20:18:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/05/03 20:18:55 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/05/03 20:18:55 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/05/03 20:18:55 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/03 20:18:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/05/03 20:18:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/03 20:18:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/03 20:18:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/03 20:18:52 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/05/03 20:18:51 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/03 20:18:51 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/03 20:18:49 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/03 20:18:49 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/03 20:18:49 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/03 20:18:49 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/03 20:18:48 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/05/03 20:18:48 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/03 20:18:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/03 20:18:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/03 20:18:48 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/03 20:18:48 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/03 20:18:48 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/03 20:18:42 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/05/03 20:18:39 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/05/03 20:18:39 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/05/03 12:35:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\&Run....lnk
[2010/05/02 21:53:32 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\ram\xtt
[2010/05/02 21:47:08 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\ram\tmp.txt
[2010/05/02 21:16:59 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\XP TCPIP Repair.lnk
[2010/05/02 13:55:14 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\.bat
[2010/04/30 18:26:32 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\WindowsXP-KB942288-v3-x86.exe
[2010/04/28 23:44:12 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/28 23:44:08 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/28 23:44:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/28 20:16:47 | 000,012,765 | ---- | C] () -- C:\Documents and Settings\ram\reset.log
[2010/04/28 14:06:28 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\RegDefense.lnk
[2010/04/27 13:33:57 | 000,001,804 | ---- | C] () -- C:\Program Files\hotfix.txt
[2010/04/27 02:02:28 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\ram\resetlog.txt
[2010/04/26 21:31:31 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\ram\ipconfig.txt
[2010/04/26 15:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IntIgn0xF28456.dat
[2010/04/25 01:22:18 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\ram\Desktop\Shortcut to RegistryBooster.lnk
[2010/04/25 01:08:07 | 000,000,000 | RHS- | C] () -- C:\khq
[2010/04/24 23:34:37 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/24 23:33:15 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2010/04/20 14:34:32 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/02 21:45:35 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/10/02 21:45:25 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/07/02 13:15:32 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/02 13:15:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/07/02 12:39:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/04/22 07:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\crowsoft
[2010/02/06 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2010/02/04 15:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/08/02 22:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/05/07 19:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 13:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/07/04 19:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/02 22:36:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/04 02:57:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2010/01/30 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\BitZipper
[2010/02/04 15:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\ESET
[2009/07/21 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\GarageGames
[2010/02/04 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\GetRightToGo
[2010/04/22 23:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\TeamViewer
[2009/07/04 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\TuneUp Software
[2009/07/04 10:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ram\Application Data\Uniblue
[2010/04/24 23:33:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job
[2010/05/07 19:49:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E01470E-21CB-4047-980C-4DC584995042}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/02 11:03:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/28 23:13:59 | 000,000,369 | -HS- | M] () -- C:\boot.ini
[2009/07/02 11:03:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/02 11:03:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/25 01:08:07 | 000,000,000 | RHS- | M] () -- C:\khq
[2009/07/02 11:03:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 10:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/28 23:42:45 | 000,250,048 | ---- | M] () -- C:\ntldr
[2009/08/29 00:36:16 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT
[2010/05/07 19:34:34 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
[2010/03/11 15:17:42 | 000,185,835 | ---- | M] () -- C:\shldr
[2010/05/07 19:41:53 | 000,000,474 | ---- | M] () -- C:\Shortcut to Shared Documents.lnk
[2009/08/02 22:36:41 | 017,774,920 | ---- | M] (TuneUp Software) -- C:\TU2009TrialEN-US.exe
[2008/06/03 07:49:16 | 000,557,608 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB953761-x86-ENU.exe
[2010/04/21 09:47:44 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\winsockfix.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/07/02 18:40:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/02 18:40:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/02 18:40:01 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\ehdrv.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >