Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan or adware, cant remove or find

Started by Derobmai41 , Jun 06 2010 08:49 PM

Please log in to reply

#1
Derobmai41

Posted 06 June 2010 - 08:49 PM

Member

Member
51 posts

I have gotten some sort of virus in my computer, i have ran MBAM and removed some viruses from my computer but my computer does freeze up when im running scans or restarts on me. it took me a long time to obtain the OTL and GMER logs as the computer kept restarting midway. i also got a virus in the sd card on my phone which AVG on my dads computer removed but my access is denied to it, but that can wait for now. I will post the MBAM OTL and GMER logs once i get a chance to to the site in my computer.

#2
Derobmai41

Posted 06 June 2010 - 08:52 PM

Member

Topic Starter
Member
51 posts

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/6/2010 11:29:26
mbam-log-2010-06-06 (11-29-26).txt

Scan type: Quick scan
Objects scanned: 151428
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
Derobmai41

Posted 06 June 2010 - 08:53 PM

Member

Topic Starter
Member
51 posts

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 12:23:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\C4BOMB~1\LOCALS~1\Temp\kftoruow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9859000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD4ABA00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 7E5 7C9F8BFE 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 7ED 7C9F8C06 1 Byte [3B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 805 7C9F8C1E 1 Byte [89]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 855 7C9F8C6E 1 Byte [8B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 85D 7C9F8C76 1 Byte [CC] {INT 3 }
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + 93 7CA77BE6 1 Byte [7C]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + AB 7CA77BFE 1 Byte [4B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + B3 7CA77C06 1 Byte [08]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + CB 7CA77C1E 1 Byte [08]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + 113 7CA77C66 1 Byte [56]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryPoint + 2E 7CA77CF6 1 Byte [39]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryPoint + 46 7CA77D0E 1 Byte [0F]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 30 7CA77D66 1 Byte [E0]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 38 7CA77D6E 1 Byte [90]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 40 7CA77D76 1 Byte [59]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 48 7CA77D7E 1 Byte [04]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + B0 7CA77DE6 1 Byte [89]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + 41 7CA784E6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + 69 7CA7850E 1 Byte [90]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + D1 7CA78576 1 Byte [F0]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + D9 7CA7857E 1 Byte [FD]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + E9 7CA7858E 1 Byte [01]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F09 7CAB1BE6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F11 7CAB1BEE 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F19 7CAB1BF6 1 Byte [BD]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F29 7CAB1C06 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F39 7CAB1C16 1 Byte [FF]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 3A 7CAB1CE6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 4A 7CAB1CF6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 62 7CAB1D0E 1 Byte [74]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 6A 7CAB1D16 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 72 7CAB1D1E 1 Byte [89]
.text ...
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8469 7CB66BE6 1 Byte [FF]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8479 7CB66BF6 1 Byte [0C]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8481 7CB66BFE 1 Byte [FF]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8489 7CB66C06 1 Byte [A0]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 84A1 7CB66C1E 1 Byte [10]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\[email protected]8 C:\Program Files\Adobe\Adobe Device Central CS4\adobe_epic\eula\hu_HU\

---- EOF - GMER 1.0.15 ----

#4
Derobmai41

Posted 06 June 2010 - 08:54 PM

Member

Topic Starter
Member
51 posts

OTL logfile created on: 6/6/2010 12:54:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 29.86 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 40.23 Gb Free Space | 91.55% Space Free | Partition Type: NTFS
Drive E: | 46.50 Gb Total Space | 10.59 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESTRUCTOR
Current User Name: C4 BOMB
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/06 11:40:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/06 11:40:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/06 20:00:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/29 12:02:46 | 000,651,268 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/06/21 22:00:00 | 000,425,988 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2008/06/21 21:59:57 | 000,368,644 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NCH Software\BroadCam\broadCam.exe -- (BroadCamService)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/06/29 18:54:16 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - [2010/05/12 19:51:58 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/05/12 19:51:58 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/05/12 19:51:42 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/05/12 19:51:39 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/07/21 12:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/05 20:16:25 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/26 10:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/12 12:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/25 21:19:54 | 000,169,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/08/04 04:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/05/02 13:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/21 22:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 16:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/05/20 16:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/24 14:02:58 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/24 14:02:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/09/24 14:02:56 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/09/24 14:02:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/24 14:02:56 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/24 14:02:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 06:10:10 | 000,036,356 | ---- | M] (Siemens) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SS1020N5.sys -- (SS1020)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20080616
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/16 21:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 10:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/05/14 18:41:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/05/19 10:17:27 | 000,000,000 | ---D | M]

[2009/02/26 23:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Extensions
[2009/02/26 23:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Extensions\[email protected]
[2009/12/02 21:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions
[2009/07/01 23:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/19 21:52:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/02/14 23:27:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/19 21:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\[email protected]
[2009/05/14 18:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Sunbird\Profiles\gy63u0dv.default\extensions
[2009/12/22 16:58:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/31 16:23:00 | 000,399,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/03/06 20:51:36 | 000,000,509 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1171077850125 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bw+0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Glacial Inferno 1024x768.exe) - D:\Glacial Inferno 1024x768.exe (OmegaSistem)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 23:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe -- File not found
O33 - MountPoints2\{a683220f-223c-11de-bb02-0030f11ef50f}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{f6a15473-00fd-11de-ac76-0030f11ef50f}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a15473-00fd-11de-ac76-0030f11ef50f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/09 23:03:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/19 11:45:33 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2010/05/19 11:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/05/19 11:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/05/19 11:24:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/19 11:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/19 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Desktop\New Folder
[2010/05/19 10:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\DoctorWeb
[2010/05/19 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/19 10:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\123Movies2PSP
[2010/05/19 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\.limewire
[2010/05/19 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/05/19 00:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA(2)
[2010/05/14 20:11:01 | 000,000,000 | ---D | C] -- C:\divx
[2010/05/14 19:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/05/14 19:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/12 21:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 19:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/05/12 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/05/12 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Seagate
[2010/04/16 18:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\IsolatedStorage
[2010/03/18 16:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Application Data\Facebook

========== Files - Modified Within 90 Days ==========

[2010/06/06 12:49:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/06 12:48:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 12:47:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 12:47:30 | 009,342,976 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.dat
[2010/06/06 12:47:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.ini
[2010/06/06 12:47:16 | 000,000,812 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 12:47:16 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/06/06 12:47:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 12:09:48 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 12:04:52 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/19 12:04:47 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.bak
[2010/05/19 11:24:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 11:23:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Desktop\NTREGOPT.lnk
[2010/05/19 11:23:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Desktop\ERUNT.lnk
[2010/05/19 11:05:25 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\default.pls
[2010/05/19 11:05:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 11:52:34 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\My Documents\Playlist1.wpl
[2010/05/16 20:29:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/12 19:51:37 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2010/05/12 19:39:40 | 000,097,120 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/12 19:36:43 | 002,235,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/12 17:18:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/12 14:19:25 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/09 18:58:27 | 000,000,596 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/09 18:58:11 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Application Data\mcs.rma
[2010/05/09 18:58:11 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Application Data\B30D64
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 19:21:24 | 001,383,912 | ---- | M] () -- C:\Unfiled Notes.one
[2010/04/16 19:21:05 | 000,529,008 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 19:17:30 | 000,055,603 | ---- | M] () -- C:\2009_temp_pdf_file.pdf
[2010/04/16 19:15:49 | 000,072,638 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 18:58:05 | 000,037,116 | ---- | M] () -- C:\...hi.pdf
[2010/04/16 18:14:49 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/03 20:47:36 | 000,455,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/03 20:47:36 | 000,077,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 20:47:36 | 000,004,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/05/19 12:04:52 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/19 12:04:32 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.tmp.LOG
[2010/05/19 11:23:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\Desktop\NTREGOPT.lnk
[2010/05/19 11:23:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\Desktop\ERUNT.lnk
[2010/05/12 21:30:25 | 009,437,184 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.bak
[2010/05/12 21:30:25 | 009,342,976 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.dat
[2010/05/12 19:51:37 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2010/05/12 14:19:25 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/09 18:58:18 | 000,000,596 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/17 00:58:06 | 000,229,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/16 19:21:24 | 001,383,912 | ---- | C] () -- C:\Unfiled Notes.one
[2010/04/16 19:17:30 | 000,055,603 | ---- | C] () -- C:\2009_temp_pdf_file.pdf
[2010/04/16 19:15:49 | 000,072,638 | ---- | C] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 19:15:21 | 000,529,008 | ---- | C] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 18:58:05 | 000,037,116 | ---- | C] () -- C:\...hi.pdf
[2010/04/16 18:14:49 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2009/10/11 20:02:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/10/09 16:45:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/12 01:21:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/01/11 16:56:50 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/12/30 11:18:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/25 10:05:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/12/18 18:24:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/16 19:49:06 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/05/23 09:36:44 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/22 20:15:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/04/12 09:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/20 19:21:54 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/02/20 19:21:54 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/02/20 19:21:54 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/02/20 19:21:54 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/15 13:25:15 | 000,017,768 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/10 18:42:59 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/10 18:42:59 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/10 18:42:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/09/10 18:42:56 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/08/24 23:52:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/19 09:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/06/18 16:37:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/04/20 08:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/04 14:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/02/10 13:46:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/10 01:06:31 | 000,019,400 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/02/10 01:03:49 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/02/10 01:03:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/04 08:00:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\syscvchk.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2008/12/18 18:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/02 20:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/19 11:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/05/19 10:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA(2)
[2008/12/27 16:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/05 20:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/12 21:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/09/06 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/02/20 19:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2008/07/04 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/15 13:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/11 19:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/18 18:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\acccore
[2007/02/10 00:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Aim
[2009/10/09 16:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/25 12:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\DisplayTune
[2010/03/18 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Facebook
[2009/02/01 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\FileSubmit
[2009/03/08 20:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\GARMIN
[2008/01/25 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\ICAClient
[2009/12/24 13:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
[2009/10/09 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\PrimoPDF
[2008/04/28 16:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
[2007/02/18 00:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Simple Star
[2009/03/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Smith Micro
[2007/02/18 00:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Snapfish
[2007/09/06 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Sony
[2007/08/22 01:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\SoundSpectrum
[2010/05/19 10:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\uTorrent
[2007/02/13 15:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Viewpoint
[2010/05/14 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Vso
[2007/02/28 15:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\WNR

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/04/16 18:58:05 | 000,037,116 | ---- | M] () -- C:\...hi.pdf
[2009/07/27 11:32:56 | 000,383,460 | ---- | M] () -- C:\0727090732.jpg
[2009/07/28 21:35:54 | 000,309,759 | ---- | M] () -- C:\0728091735.jpg
[2009/07/30 00:19:22 | 000,457,918 | ---- | M] () -- C:\0729092019.jpg
[2010/04/16 19:21:05 | 000,529,008 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 19:15:49 | 000,072,638 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 19:17:30 | 000,055,603 | ---- | M] () -- C:\2009_temp_pdf_file.pdf
[2007/02/09 23:03:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/06 12:47:16 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/05/19 12:09:22 | 002,115,183 | ---- | M] () -- C:\caisslog.txt
[2007/02/09 23:03:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/09 23:03:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/02 20:15:34 | 000,001,971 | -H-- | M] () -- C:\IPH.PH
[2009/03/01 14:22:01 | 000,000,964 | ---- | M] () -- C:\moduleName.txt
[2007/02/09 23:03:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/20 21:23:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 12:48:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/12/25 10:06:04 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2008/12/25 10:05:28 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2008/06/15 17:24:21 | 000,081,920 | -HS- | M] () -- C:\Thumbs.db
[2010/04/16 19:21:24 | 001,383,912 | ---- | M] () -- C:\Unfiled Notes.one

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2007/02/09 17:49:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/09 17:49:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/09 17:49:22 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Files - Unicode (All) ==========
[2007/08/03 23:10:31 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\C4 BOMB\My Documents\?.doc) -- C:\Documents and Settings\C4 BOMB\My Documents\陳.doc
[2007/08/03 23:10:31 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\C4 BOMB\My Documents\?.doc) -- C:\Documents and Settings\C4 BOMB\My Documents\陳.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
< End of report >

#5
Derobmai41

Posted 06 June 2010 - 08:54 PM

Member

Topic Starter
Member
51 posts

OTL Extras logfile created on: 6/6/2010 12:54:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 29.86 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 40.23 Gb Free Space | 91.55% Space Free | Partition Type: NTFS
Drive E: | 46.50 Gb Total Space | 10.59 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESTRUCTOR
Current User Name: C4 BOMB
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"86:TCP" = 86:TCP:*:Enabled:BroadCam Web Server
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\StubInstaller.exe" = D:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\fpupdate.exe" = C:\Program Files\EA GAMES\MOHAA\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher -- File not found
"C:\Program Files\EA GAMES\MOHAA\moh_breakthrough.exe" = C:\Program Files\EA GAMES\MOHAA\moh_breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough -- (Electronic Arts Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW -- File not found
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe" = C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0 -- (Sony Media Software, Inc.)
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa_server.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa_server.exe:*:Enabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"F:\Installation\Setupx.exe" = F:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe" = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood -- File not found
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}" = Sony Media Manager for PSP 2.0
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A4065B8-44BF-4B34-A71D-CC5FA82E9480}" = 20081
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{2000BE04-8B25-4776-93FC-830959521033}" = Nero 7 Essentials
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}" = Windows Media Player 9 Series Winter Fun Pack
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6E868E3B-94AF-4C8B-A5A7-304B8E723B2C}" = 28224
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D0C553E-4D2B-442F-8617-665F22B10B6E}" = 18026
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{824539D7-D27E-4CC3-B36F-6404B5EB726B}" = Medal of Honor Pacific Assault™ Patch2
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833B3BE-3422-41A9-A52D-CCAB3CB159CA}" = Prepware 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90274E54-11AD-4ECA-8704-0DCF1B9B334E}" = 180964
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9AC8A085-6644-4430-BD4F-C546E45239B8}" = 21666
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault™ Spearhead
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}" = Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E486A342-E322-455D-99D4-660D96DD0CEA}" = 33775
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AutoRun Pro Enterprise_is1" = AutoRun Pro Enterprise version 12.0.4.132
"AviSynth" = AviSynth 2.5
"BroadCam" = BroadCam
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Recorder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab Platinum_is1" = DVDFab Platinum 4.1.1.6 Beta by Team RES
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"Eyeline" = Eyeline
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"LimeWire" = LimeWire PRO 5.4.6
"Logon Loader" = Logon Loader 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MP3 Stream Editor_is1" = MP3 Stream Editor 3.4.4.1808
"mpegable DS" = mpegable DS decoder
"MSNINST" = MSN
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NYR - Madison Square Garden" = NYR - Madison Square Garden Screen Saver
"PCFriendly" = PCFriendly
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VRS" = VRS Recording System
"VX2" = VX2 Screen Saver
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2010 00:49:11 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:52:41 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:53:06 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:54:49 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:55:54 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/28/2010 23:07:22 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module ole32.dll,
version 5.1.2600.5512, fault address 0x00030f56.

Error - 6/6/2010 11:06:50 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00030f56.

Error - 6/6/2010 11:15:14 | Computer Name = DESTRUCTOR | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

Error - 6/6/2010 11:18:41 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x00001990.

Error - 6/6/2010 11:23:44 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x00001990.

[ System Events ]
Error - 6/6/2010 12:48:59 | Computer Name = DESTRUCTOR | Source = sfsync02 | ID = 262156
Description =

Error - 6/6/2010 12:49:31 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2010 12:49:46 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AsIO cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT Pivot RasAcd Rdbss SCDEmu Tcpip

Error - 6/6/2010 12:50:11 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/6/2010 12:50:14 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >