1) I'm getting periodic blue screen stop errors. These have varied from a full day after rebooting to only a few hours after rebooting. I think many of them were caused by a faulty monitor driver since these started right after I swapped out my monitor, and after fixing the driver, they are less common. Since then, the error I am getting is:
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 5/14/2010
Time: 11:50:33 AM
User: N/A
Computer: OYML
Description:
Error code 0000001a, parameter1 00041284, parameter2 08a69001, parameter3 00002a9b, parameter4 c0883000.
2) Most of the time when I reboot, I get an Explorer error that says:
The instruction at "0x7342611a" referenced memory at "0x7342611a".
The memory could not be "written".
I think I might have a memory issue, but I haven't yet investigated that route fully. I thought I might post here first and make sure there isn't any other problem before I proceed with hardware testing. I ran through all the steps on the cleaning guide: TFC, ERUNT, MB Anti-Malware, Avast!, GMER, and OTL. Avast was still doing a file scan when I went to bed and the system was stopped when I got up, so I don't know if it completed, but as of the time I went to bed, it had finished scanning the system drive without finding anything.
Unfortunately, my system did not include Windows installation disks, only a recovery partition. Otherwise I would do a repair install to see if that fixed anything. My system: Athlon 64 3700+, Windows XP SP3, 3GB RAM.
Here are my logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4097
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/13/2010 12:43:53 PM
mbam-log-2010-05-13 (12-43-53).txt
Scan type: Quick scan
Objects scanned: 140583
Time elapsed: 12 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-14 15:39:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldapoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEDB7BBDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xED9B56B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEDB7B1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEDB7B840]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xED9B5574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEDB7B09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEDB7D06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEDB7D302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEDB7AC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEDB7BFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xED9B5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xED9B514C]
SSDT spbl.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spbl.sys ZwEnumerateValueKey [0xF72AD132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEDB7CCEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEDB7B43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEDB7BA1C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xED9B564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xED9B508C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEDB7B6CC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xED9B50F0]
SSDT spbl.sys ZwQueryKey [0xF72AD20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xED9B576E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEDB7C720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEDB7D648]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xED9B572E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEDB7CA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xEDB7BDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEDB7CE9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xED9B58AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEDB7B3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEDB7B5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xEDB7AF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEDB7AE32]
INT 0x62 ? 8DB02BF8
INT 0x63 ? 8D8CBF00
INT 0x82 ? 8DB02BF8
INT 0x83 ? 8DB02BF8
INT 0x83 ? 8DB02BF8
INT 0x83 ? 8D8CBF00
INT 0x83 ? 8DB02BF8
Code 8BB79BAC ZwRequestPort
Code 8BB79B0C ZwTraceEvent
Code 8BB79BAB NtRequestPort
Code 8BB79B0B NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!NtTraceEvent 80531840 5 Bytes JMP 8BB79B10
PAGE ntkrnlpa.exe!NtRequestPort 80597DD4 5 Bytes JMP 8BB79BB0
? spbl.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56EE380, 0x566445, 0xE8000020]
.text USBPORT.SYS!DllUnload F56CE8AC 5 Bytes JMP 8D8CB4E0
.text az4gvddl.SYS F545A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az4gvddl.SYS F545A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az4gvddl.SYS F545A3C4 3 Bytes [00, 80, 02]
.text az4gvddl.SYS F545A3C9 1 Byte [30]
.text az4gvddl.SYS F545A3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP 8BB799D0
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP 8BB796B0
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP 8BB79A70
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[312] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1824] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[2944] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\PeerBlock\peerblock.exe[3940] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0041FBE0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8DAEC1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 8C0761F8
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 8D8BD4C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8DB701F8
Device \Driver\dmio \Device\DmControl\DmConfig 8DB701F8
Device \Driver\dmio \Device\DmControl\DmPnP 8DB701F8
Device \Driver\dmio \Device\DmControl\DmInfo 8DB701F8
Device \Driver\usbehci \Device\USBPDO-1 8D8A11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1D51F650-8F1E-4CD8-96CF-D469FDC966DD} 8C2F71F8
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8DB041F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8DB041F8
Device \Driver\Cdrom \Device\CdRom0 8D8951F8
Device \Driver\Cdrom \Device\CdRom1 8D8951F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8DB041F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8DB041F8
Device \Driver\usbstor \Device\000000c0 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8DB041F8
Device \Driver\usbstor \Device\000000c1 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8DB041F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 8DB041F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8C2F71F8
Device \Driver\usbstor \Device\000000c2 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume8 8DB041F8
Device \Driver\usbstor \Device\000000c3 8C08B1F8
Device \Driver\sptd \Device\2211275280 spbl.sys
Device \Driver\NetBT \Device\NetbiosSmb 8C2F71F8
Device \Driver\usbstor \Device\000000c4 8C08B1F8
Device \Driver\usbstor \Device\000000c5 8C08B1F8
Device \Driver\usbstor \Device\000000b9 8C08B1F8
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\PCI_PNP4030 \Device\00000089 spbl.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{17214CFA-65B1-40C2-A3ED-9EDF7D5EF03D} 8C2F71F8
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 8D8BD4C0
Device \Driver\usbehci \Device\USBFDO-1 8D8A11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8C29C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8C29C500
Device \Driver\Ftdisk \Device\FtControl 8DB041F8
Device \Driver\usbstor \Device\000000bc 8C08B1F8
Device \Driver\usbstor \Device\000000bd 8C08B1F8
Device \Driver\usbstor \Device\000000be 8C08B1F8
Device \Driver\usbstor \Device\000000bf 8C08B1F8
Device \Driver\az4gvddl \Device\Scsi\az4gvddl1 8D7781F8
Device \Driver\az4gvddl \Device\Scsi\az4gvddl1Port4Path0Target0Lun0 8D7781F8
Device \FileSystem\Fastfat \Fat 8C0761F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 8C0561F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -465821277
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1494996065
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x8C 0xB6 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x8D 0x60 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xED 0x7E 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x3A 0xC1 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x9A 0x34 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x2F 0x18 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9F 0x5F 0x1A 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x90 0x2A 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2E 0x50 0x95 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x16 0xD9 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x13 0x7C 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x8D 0x60 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xED 0x7E 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x3A 0xC1 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x9A 0x34 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x2F 0x18 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9F 0x5F 0x1A 0xED ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\guard32.dll
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 5/14/2010 3:54:17 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads\Cleaning
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.22 Gb Total Space | 20.32 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.39 Gb Free Space | 34.08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 40.07 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive G: | 153.38 Gb Total Space | 153.09 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 153.38 Gb Total Space | 117.96 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive X: | 914.43 Gb Total Space | 183.09 Gb Free Space | 20.02% Space Free | Partition Type: NTFS
Drive Y: | 465.65 Gb Total Space | 55.87 Gb Free Space | 12.00% Space Free | Partition Type: FAT32
Drive Z: | 914.43 Gb Total Space | 327.35 Gb Free Space | 35.80% Space Free | Partition Type: NTFS
Computer Name: OYML
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Downloads\Cleaning\05 - OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe (Foxit Software)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashLogV.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\EPSON\EpsonPrinterStudy4\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Portable Apps\FeedReader\feedreader.exe ()
PRC - C:\Program Files\Everything\Everything.exe ()
PRC - C:\Program Files\Topos\cFosSpeed\spd.exe (cFos Software GmbH)
PRC - C:\Program Files\Topos\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Icecast2 Win32\icecastService.exe ()
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\qmc.exe ()
PRC - C:\Program Files\Launchy\Launchy.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\WinBar\WinBar.exe (JDM)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\Cacheman\Cacheman.exe (Outer Technologies)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
========== Modules (SafeList) ==========
MOD - C:\Downloads\Cleaning\05 - OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll (GP Software)
MOD - C:\WINDOWS\HKNTDLL.dll ()
========== Win32 Services (SafeList) ==========
SRV - (KodakCCS) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (EpsonPrinterStudy4) -- C:\Program Files\EPSON\EpsonPrinterStudy4\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (cFosSpeedS) -- C:\Program Files\Topos\cFosSpeed\spd.exe (cFos Software GmbH)
SRV - (Icecast-trunk) -- C:\Program Files\Icecast2 Win32\icecastService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (MVPMedia) -- C:\Program Files\Hauppauge MediaMVP\MVPStart.exe (Hauppauge Computer Works)
SRV - (MVPMediaSvc) -- C:\Program Files\Hauppauge MediaMVP\Hardware\DglSvcMain.exe (Hauppauge Computer Works, Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (winvnc) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
========== Driver Services (SafeList) ==========
DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (cFosSpeed) -- C:\WINDOWS\system32\drivers\cfosspeed.sys (cFos Software GmbH)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (iaStor) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)
DRV - (sbusb) -- C:\WINDOWS\system32\drivers\sbusb.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFModNT.sys (Creative Technology Ltd.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=GT4016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT4016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.gateway.c...h...TP&M=GT4016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.9.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:17:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 11:40:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/30 10:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/06 11:40:54 | 000,000,000 | ---D | M]
[2008/06/17 15:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/14 12:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions
[2010/02/06 21:45:19 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/10/30 23:52:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/27 01:34:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 01:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 00:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2010/05/06 00:18:55 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/01/28 02:16:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/15 02:59:06 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2009/11/02 02:43:12 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/01/28 02:16:15 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/05/06 00:18:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/06 00:23:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/12/20 17:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}
[2009/11/25 02:27:38 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/04/27 01:34:32 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/12 02:57:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/12 14:38:28 | 000,000,000 | ---D | M] (BBCode) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2010/04/27 01:34:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/01 12:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{bbfec13c-8cb2-53f2-b852-999eb2a852c9}
[2008/08/23 12:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}-trash
[2010/05/06 00:19:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/27 01:34:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/09 23:55:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/09 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\dave2x@download
[2010/02/23 03:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2009/12/26 23:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\filtersetg@updater
[2009/06/19 14:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/04/27 01:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/01/08 14:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/03/15 02:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\SkipScreen@SkipScreen
[2009/10/20 11:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/01/28 02:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2008/05/02 14:08:52 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\allrecipes.xml
[2010/05/09 05:21:24 | 000,001,147 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\kraytracker.xml
[2010/05/03 13:36:00 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\stmusic-search.xml
[2008/08/21 15:45:48 | 000,002,011 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\support-alert.xml
[2008/05/23 02:02:32 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\webster.xml
[2009/06/02 16:18:29 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\winamp-search.xml
[2008/08/21 15:45:45 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\windowssecretscom.xml
[2010/05/14 12:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/27 03:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/26 15:05:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/25 02:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/17 20:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2009/10/30 23:49:45 | 000,348,919 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11964 more lines...
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\Topos\cFosSpeed\cFosSpeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Cacheman] C:\Program Files\Cacheman\Cacheman.exe (Outer Technologies)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [EPSON WorkForce 30 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [feedreader.exe] C:\Portable Apps\FeedReader\feedreader.exe ()
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunServices: [SchedulingAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Music Anywhere Settings.lnk = C:\Program Files\Logitech\Music Anywhere\LMASysTray.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\QuickMonth Calendar.lnk = C:\WINDOWS\qmc.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WinBar.lnk = C:\Program Files\WinBar\WinBar.exe (JDM)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Program Files\Hauppauge MediaMVP\mvp.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gatew...r/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169227185812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\dadb {82D6F09F-4AC2-11D3-8BD9-0080ADB8683C} - C:\Program Files\OrangeCD\dadb.dll (Firetongue Software)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\DOpus_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\DOpus_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ab1def2e-d5a2-11de-901a-00045a538d1f}\Shell\AutoRun\command - "" = M:\PStart.exe -- File not found
O33 - MountPoints2\{c09915e2-ca34-483b-804e-62d249662b86}\Shell\AutoRun\command - "" = Z:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/13 11:18:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/14 15:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/14 14:17:03 | 000,063,296 | ---- | C] (Ray Hinchliffe) -- C:\WINDOWS\System32\drivers\SIVX32.sys
[2010/05/12 16:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/12 15:25:24 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010/05/12 02:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application DataComodoGroup
[2010/05/12 02:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/05/12 02:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/05/12 02:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/05/12 02:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/12 01:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/05/09 23:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nimiq
[2010/05/09 23:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2010/05/09 23:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ipodderX
[2010/05/09 23:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Primetime Podcast Receiver
[2010/05/09 23:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nimiq
[2010/05/09 23:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iPodderX Downloads
[2010/05/09 23:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPodderX
[2010/05/09 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AudioShell
[2010/05/07 00:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Juice
[2010/05/06 11:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/06 11:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 12:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\EncSpot
[2010/04/07 23:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Playlist Creator 3.6
[2010/04/05 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Red Chair Software
[2010/04/05 15:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Red Chair Software
[2010/04/03 22:55:32 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/01 00:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2010/03/31 23:58:18 | 000,000,000 | ---D | C] -- C:\Fonts
[2010/03/30 00:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.thumbnails
[2010/03/25 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Taskbar Shuffle
[2010/03/23 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2010/03/22 13:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2010/03/20 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/03/14 03:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.6
[2010/03/14 03:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\gegl-0.0
[2010/03/14 03:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/03/13 02:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\XMedia Recode
[2010/03/08 22:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2010/02/22 22:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\WBFS Manager Covers
[2010/02/22 22:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/02/22 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Icecast2 Win32
[2010/02/21 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Live Writer
[2010/02/21 12:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio
[2010/02/21 12:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Orb Networks
[2010/02/20 13:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\UFS Explorer
[2010/02/19 21:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/02/14 02:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Valentines Coloring
[2009/09/13 00:46:16 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 90 Days ==========
[2010/05/14 15:29:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/14 13:50:22 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 13:50:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/14 13:39:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/14 12:31:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/14 12:31:39 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/14 12:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/14 12:09:54 | 000,063,296 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\System32\drivers\SIVX32.sys
[2010/05/14 11:49:02 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/14 11:47:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/14 11:47:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 11:47:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 11:46:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 11:46:17 | 3186,085,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 02:46:16 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/05/14 00:31:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/05/13 18:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/13 12:13:49 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/13 04:19:36 | 000,019,882 | ---- | M] () -- C:\Documents and Settings\Owner\peerblock.dmp
[2010/05/12 16:34:14 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/12 06:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/12 03:01:28 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010/05/12 02:11:51 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LoggingOff.reg
[2010/05/12 01:55:19 | 232,439,190 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2009-5-12.reg
[2010/05/12 01:08:04 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LoggingOn.reg
[2010/05/11 00:33:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/10 01:45:43 | 000,001,564 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/09 23:40:03 | 000,000,178 | RHS- | M] () -- C:\WINDOWS\System32\thssdk32.sys
[2010/05/08 01:23:56 | 000,077,172 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/06 10:33:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/02 13:42:06 | 000,000,436 | RHS- | M] () -- C:\Documents and Settings\Owner\ntuser.pol
[2010/04/29 23:22:44 | 000,462,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 23:22:44 | 000,078,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 23:22:42 | 000,551,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 08:46:54 | 000,098,296 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/03 22:55:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/03 22:55:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/03 22:55:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/04/03 22:55:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/03 19:22:32 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/30 23:58:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/30 02:08:22 | 000,000,899 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 00:19:40 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/03/23 16:27:10 | 001,623,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 13:35:28 | 012,642,447 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Various Artists-Do You Remember.zip
[2010/03/13 03:49:50 | 012,060,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\VA-WELLKEEPBELIEVINGIFYOUKEEPSINGING.zip
[2010/02/27 20:01:28 | 016,183,776 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/19 01:39:27 | 010,434,739 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dns34_manual_100.pdf
[2010/02/18 21:43:56 | 000,047,722 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nGen Customer Client.pdf
[2010/02/15 02:21:31 | 000,088,975 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Newegg.com 2010-02-15.pdf
========== Files Created - No Company Name ==========
[2010/05/12 02:37:44 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/05/12 02:20:25 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/12 02:11:51 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LoggingOff.reg
[2010/05/12 01:54:23 | 232,439,190 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2009-5-12.reg
[2010/05/12 01:08:04 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LoggingOn.reg
[2010/05/11 00:33:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/11 00:33:44 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/10 23:16:37 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/10 23:16:36 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/10 23:16:34 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/10 23:16:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/10 02:54:32 | 000,019,882 | ---- | C] () -- C:\Documents and Settings\Owner\peerblock.dmp
[2010/05/09 23:40:03 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\System32\thssdk32.sys
[2010/05/08 01:23:56 | 000,077,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/02 14:33:52 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Owner\DeductionPro2009.log
[2010/05/02 13:42:06 | 000,000,436 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/03 22:55:32 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/03 19:22:32 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/03 19:22:32 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/30 00:19:40 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/03/13 02:59:08 | 012,642,447 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Various Artists-Do You Remember.zip
[2010/03/13 02:58:48 | 012,060,382 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\VA-WELLKEEPBELIEVINGIFYOUKEEPSINGING.zip
[2010/03/13 00:20:06 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/13 00:20:04 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/02/18 22:26:53 | 010,434,739 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dns34_manual_100.pdf
[2010/02/18 21:43:53 | 000,047,722 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\nGen Customer Client.pdf
[2010/02/15 02:21:29 | 000,088,975 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Newegg.com 2010-02-15.pdf
[2010/01/31 02:35:12 | 000,000,145 | ---- | C] () -- C:\WINDOWS\jpegcrop.INI
[2009/11/02 01:54:34 | 000,001,564 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/10/03 09:37:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/09/13 00:46:14 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009/02/13 02:44:34 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll
[2009/02/10 14:53:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/10 14:50:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF30.ini
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/18 14:49:10 | 000,000,179 | ---- | C] () -- C:\WINDOWS\{E91A2937-0368-460F-A511-73966296C967}.ini
[2008/11/18 14:49:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{E91A2937-0368-460F-A511-73966296C967}.ini
[2008/07/08 11:22:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/08 11:08:37 | 000,000,074 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/12 00:51:19 | 000,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2007/05/11 04:14:52 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/05/11 04:14:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/05/11 03:12:41 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/05/11 03:12:41 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/05/11 03:12:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/05/11 03:12:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/05/11 03:12:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/05/11 03:12:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/05/11 03:11:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2007/05/11 03:11:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/05/11 03:11:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/05/11 03:11:51 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2007/05/11 03:11:51 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/03/12 08:14:51 | 000,002,164 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/03/11 11:37:14 | 000,020,672 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/03/11 11:09:36 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2007/03/11 09:43:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2007/03/01 03:28:21 | 000,026,322 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2007/02/22 20:18:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/02/22 18:52:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/02/08 10:04:37 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/08 10:04:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/03 12:19:35 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/03 12:19:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/03 12:19:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/27 09:29:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/23 15:39:49 | 000,000,349 | ---- | C] () -- C:\WINDOWS\Ffpsettings.ini
[2007/01/19 12:02:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/01/19 11:45:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/01/19 11:43:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2007/01/18 11:09:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/15 10:00:39 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netspeed.INI
[2007/01/14 09:43:58 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/14 09:00:52 | 000,000,497 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/13 14:00:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/13 12:53:12 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2007/01/13 12:53:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2007/01/13 12:53:12 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2007/01/13 12:38:01 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/11 12:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 000,001,270 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/04/05 12:17:52 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/12/14 16:46:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 16:46:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 16:46:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1995/03/14 00:22:21 | 000,003,440 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll
========== LOP Check ==========
[2010/05/12 16:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/03/13 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2009/09/30 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/01/25 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2007/08/08 17:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPSoftware
[2007/03/12 10:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/12/12 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/11/29 13:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/09/24 02:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MP3Toys
[2008/11/26 03:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/22 18:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/08/10 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/10/06 22:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2009/09/17 15:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/13 14:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/02/04 21:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/10/31 00:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/25 22:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/02/10 15:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/01/19 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/08/16 07:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/22 04:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/06 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 15:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/31 00:24:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/05/09 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2008/10/05 15:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2008/08/17 10:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AD ON Multimedia
[2007/03/08 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bersirc
[2009/09/28 00:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BOXEE
[2009/03/18 18:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bullzip
[2008/11/18 14:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Business Objects
[2009/01/08 02:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cYo
[2009/02/24 22:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2009/08/11 13:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/02/24 22:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/04/05 05:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dBpoweramp
[2007/02/01 10:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2009/10/28 04:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
[2008/08/04 08:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDFab
[2007/09/22 14:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2009/12/29 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/09/28 01:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FMZilla
[2009/02/24 22:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2009/10/06 14:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2010/05/10 03:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2009/12/28 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gizmotronix
[2010/05/12 02:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2007/02/02 01:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GPSoftware
[2010/03/30 00:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/03/22 13:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2009/09/22 01:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IcoFX
[2010/05/07 00:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iPodder
[2010/05/10 00:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ipodderX
[2008/08/18 01:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JGsoft
[2009/03/03 00:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Launchy
[2009/02/10 15:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/02/01 03:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mazaika
[2008/04/21 13:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MiniLyrics
[2009/08/09 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2007/03/31 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mp3tag
[2009/04/20 01:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Toys
[2007/08/16 07:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2007/11/04 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MusicIP
[2008/07/28 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewsBin
[2010/01/12 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nicotine
[2010/05/09 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nimiq
[2009/08/18 23:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2007/09/10 10:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/02/22 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2008/02/22 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlainEdit
[2007/08/10 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\r2 Studios
[2010/04/05 15:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Chair Software
[2010/02/24 12:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RipIt4Me
[2007/01/18 07:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/01/06 12:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Schism Tracker
[2008/04/22 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2007/02/24 09:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity
[2007/02/08 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOIK
[2010/01/22 14:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
[2007/01/31 08:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/07/09 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tenebril
[2007/01/14 09:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2007/02/08 09:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2010/05/14 16:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/01/22 17:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/11/30 00:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2008/12/11 14:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/05/14 00:31:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/05/12 06:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/05/14 12:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/05/13 18:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/05/11 00:33:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/14 11:47:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/14 11:46:08 | 000,036,732 | ---- | M] () -- C:\aaw7boot.log
[2009/12/29 00:18:45 | 000,007,662 | ---- | M] () -- C:\archives.html
[2007/01/13 12:54:32 | 000,000,206 | ---- | M] () -- C:\audio.log
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/30 19:35:03 | 000,004,005 | ---- | M] () -- C:\Best of Skate Punk.m3u
[2009/10/24 01:21:59 | 000,000,197 | -HS- | M] () -- C:\boot.ini
[2005/12/15 03:00:13 | 000,000,199 | ---- | M] () -- C:\boot.ini.comodofirewall
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/07 02:48:43 | 000,460,202 | ---- | M] () -- C:\CTSUFile.txt
[2009/08/29 00:26:10 | 000,000,000 | ---- | M] () -- C:\DMF2_WKLog.txt
[2007/02/02 15:34:34 | 000,565,248 | -HS- | M] () -- C:\ehthumbs.db
[2007/03/11 12:14:04 | 000,118,104 | ---- | M] () -- C:\hcwclear.txt
[2010/05/14 11:46:17 | 3186,085,888 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/06 01:44:45 | 000,034,400 | ---- | M] () -- C:\hpCDE.log
[2009/12/29 00:18:44 | 000,008,490 | ---- | M] () -- C:\index.html
[2007/07/15 08:28:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/13 12:56:21 | 000,001,180 | -H-- | M] () -- C:\IPH.PH
[2008/02/01 09:50:04 | 000,229,376 | ---- | M] (J.C. Kessels) -- C:\JkDefrag.exe
[2008/12/14 18:39:05 | 000,001,439 | ---- | M] () -- C:\JkDefrag.log
[2007/01/13 12:32:03 | 000,000,086 | ---- | M] () -- C:\lan.log
[2007/11/03 11:57:51 | 000,026,234 | ---- | M] () -- C:\logfile
[2007/05/25 08:42:16 | 000,000,215 | ---- | M] () -- C:\MAC Library.log
[2007/05/25 08:41:35 | 000,401,800 | ---- | M] () -- C:\MAC Library.txt
[2008/12/15 01:36:44 | 000,036,497 | ---- | M] () -- C:\MediaMonkey.ini
[2008/12/15 01:31:22 | 176,993,280 | ---- | M] () -- C:\MM.DB
[2008/12/11 04:59:24 | 000,000,000 | ---- | M] () -- C:\MMiPodExcept.log
[2008/12/11 04:59:24 | 000,000,000 | ---- | M] () -- C:\MMWMDMExcept.log
[2007/01/13 11:14:02 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/09 17:12:31 | 000,000,834 | ---- | M] () -- C:\mxlog.dat
[2004/08/10 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/08 11:21:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/01/13 12:52:59 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/05/14 11:46:08 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/10/06 13:36:44 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\PureText.exe
[2008/12/15 01:37:08 | 000,000,864 | ---- | M] () -- C:\Restore.vbs
[2009/12/29 00:18:44 | 000,001,316 | ---- | M] () -- C:\rss.xml
[2003/12/21 22:44:22 | 000,032,768 | ---- | M] (http://www.beyondlogic.org) -- C:\smart.exe
[2007/12/17 15:13:11 | 000,003,891 | ---- | M] () -- C:\statistics.xml
[2007/08/11 22:49:53 | 000,000,140 | ---- | M] () -- C:\tomsteady.ini
[2007/01/13 12:29:39 | 000,000,002 | RHS- | M] () -- C:\USER
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msfeeds.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2005/01/09 12:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 12:58:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 12:58:49 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/05/14 12:09:54 | 000,063,296 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\system32\drivers\SIVX32.sys
[2010/05/12 16:34:14 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFF1466
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >