System Administrator prevents installation


  • This topic is locked

#1
Erichw
  • Member
  • 19 posts
I've tried to install the new Kaspersky Internet Security and Anti-virus programme; however, each time I try I get the following message:

'Your System Administrator has set policies to prevent this installation..'

I've followed various suggestions online like logging in as Administrator, changing security settings etc., but none has helped so far. This is the case with each programme I try to install and now I'm stuck without an anti-virus programme or online protection.

I think this may have resulted from disabling the login prompt at start up, but can't be 100% sure.

I would appreciate any help.

#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there let me see what you have

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Erichw
  • Topic Starter
  • Member
  • 19 posts
Hi thanks for the help.

I've tried to install GMER however I get the typical 'gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience' message, then send error report. I assume that this is due to the very same problem that I have of not being able to install any programmes.

However I still have Hijack This installed but not sure whether it would do a thorough scan? Would you be able to work from this log? Haven't tried to install OTL but sure that I will face the same issue.

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes try the OTL as that should run OK

#5
Erichw
  • Topic Starter
  • Member
  • 19 posts
Hi I've managed to create a log with OTL as follows: (OTL.txt first)


OTL logfile created on: 31/07/2010 20:15:49 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Erich\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.76 Gb Total Space | 3.35 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
Drive D: | 39.55 Gb Total Space | 32.49 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 59.77 Gb Total Space | 4.46 Gb Free Space | 7.47% Space Free | Partition Type: NTFS
Drive F: | 59.84 Gb Total Space | 12.69 Gb Free Space | 21.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-1
Current User Name: Erich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
PRC - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
PRC - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
PRC - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/01/27 18:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/09 12:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AOLService)
SRV - [2010/06/15 00:31:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/05 21:44:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/17 22:14:01 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe -- (Freeloader Subscription Service)
SRV - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Erich\LOCALS~1\Temp\iMSPQMn.sys -- (iMSPQMn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Erich\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/11/08 00:01:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/30 16:32:20 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/02/22 18:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/03 05:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/07 20:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/08/09 16:08:10 | 000,007,278 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/01 23:43:14 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/03/31 17:13:34 | 000,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/03/31 17:13:32 | 000,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/03/31 17:13:32 | 000,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/31 17:13:32 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/03/31 17:13:30 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/02/24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/03/25 18:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 16:14:46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 18:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 16:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2....en-GB:official"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.21.3
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.fastbrows...3DB593B530}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/28 17:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 09:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 09:41:38 | 000,000,000 | ---D | M]

[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions
[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions\[email protected]
[2010/07/30 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 23:54:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/04/18 18:10:13 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2010/06/07 14:39:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/24 12:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/24 12:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/30 22:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 12:09:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 16:17:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 16:17:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 16:17:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 16:17:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/15 01:58:26 | 000,001,295 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 pagead2.googlesyndication.com
O1 - Hosts: om
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteCenter] File not found
O4 - HKU\S-1-5-21-776561741-2049760794-682003330-1003..\Run: [RemoteControl] File not found
O4 - HKU\S-1-5-21-776561741-2049760794-682003330-1003..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = DF 00 00 00 [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc....kup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by21fd.bay21....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1135809803691 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.planning...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15023/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/27 16:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 09:59:28 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{f8a4ad61-9ed4-11d9-9342-806d6172696f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- [2008/04/14 05:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/30 22:22:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erich\Recent
[2010/07/30 00:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/29 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2010/07/29 21:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/29 21:42:15 | 000,000,000 | -H-D | C] -- C:\kleaner.tmp
[2010/07/26 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\DoroPDFWriter
[2010/07/21 17:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 17:19:19 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2010/07/16 11:32:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/16 01:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/12 14:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/07/11 16:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/07/07 16:24:45 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/07/07 16:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\nvidia icons
[2010/07/07 16:07:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/01 13:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/21 10:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Defrag Reports
[2010/06/17 10:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint 5.5
[2010/06/15 01:38:35 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2010/06/15 00:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/15 00:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/10 02:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\My Podcasts
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Media Go
[2010/06/10 02:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/06/10 02:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/06/10 02:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/06/10 02:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2010/06/10 02:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 01:42:10 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010/06/10 01:42:10 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010/06/10 01:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Ericsson
[2010/06/10 01:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Sony Ericsson
[2010/06/10 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/06/10 01:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony Ericsson
[2010/06/10 01:24:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeFB.dll
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/05/14 23:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/05/05 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2010/05/04 17:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Autodesk
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Autodesk
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/03/27 17:19:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/03/27 17:19:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/31 19:56:27 | 043,627,008 | ---- | M] () -- C:\Program Files\CIS_Setup.msi
[2010/07/31 16:47:36 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 16:47:36 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 16:47:36 | 000,031,608 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 16:47:36 | 000,031,608 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 16:47:36 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 16:47:15 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Erich\ntuser.dat
[2010/07/31 16:47:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Erich\ntuser.ini
[2010/07/31 16:47:07 | 005,557,912 | -H-- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\IconCache.db
[2010/07/31 16:47:07 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.CDF
[2010/07/31 16:47:07 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/07/30 22:21:31 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 22:51:33 | 000,006,548 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/28 14:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/26 15:00:34 | 000,159,014 | ---- | M] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/24 11:51:39 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/07/21 17:27:10 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:27:10 | 000,000,025 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:27:09 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/08 11:30:00 | 000,054,808 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/07 23:02:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\CCleaner.lnk
[2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/06/28 18:57:40 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 17:35:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/26 17:10:52 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/24 13:01:38 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/24 11:22:49 | 007,368,736 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/24 11:22:49 | 000,876,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/24 11:22:49 | 000,062,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/24 11:22:49 | 000,008,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/10 03:46:58 | 000,000,725 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/10 02:42:18 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/10 01:24:31 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeFB.dll
[2010/06/04 01:03:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\SpywareBlaster.lnk
[2010/06/02 22:33:56 | 000,000,166 | ---- | M] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/06/02 13:52:40 | 000,000,196 | ---- | M] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/14 23:54:48 | 000,939,676 | ---- | M] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/09 03:10:27 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\vso_ts_preview.xml
[2010/05/06 21:17:14 | 000,000,023 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2010/05/06 21:17:14 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini
[2010/05/06 21:17:14 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini
[2010/05/06 14:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/04 18:51:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\AVSDVDPlayer.m3u
[2010/05/04 18:11:00 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 00:30:49 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/07/30 00:14:25 | 043,627,008 | ---- | C] () -- C:\Program Files\CIS_Setup.msi
[2010/07/26 15:00:33 | 000,159,014 | ---- | C] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/21 17:19:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:19:19 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:22 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/12 18:16:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/07 14:32:14 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/07/07 14:32:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/07/07 14:32:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/07/07 14:32:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/07/07 14:32:12 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/07/07 14:32:11 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/07/07 14:32:09 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/07/07 14:32:00 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/07 14:31:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/07/07 14:31:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/07/01 13:07:45 | 000,006,548 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/10 02:42:18 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/02 13:52:40 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/06/02 13:52:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/05/14 23:54:47 | 000,939,676 | ---- | C] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/06 21:17:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/05/06 21:17:14 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/05/06 21:17:14 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/05/06 14:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/05 21:20:06 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/05/04 18:11:00 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[2010/04/08 00:25:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/04/08 00:25:17 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/12/14 03:23:26 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/12/14 03:23:25 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2009/12/14 03:23:24 | 001,015,128 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2009/12/14 03:23:24 | 000,369,152 | ---- | C] () -- C:\WINDOWS\System32\cygfreetype-6.dll
[2009/12/14 03:23:24 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\cygpng12.dll
[2009/11/05 22:32:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/08/30 22:21:04 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/04/02 18:53:49 | 000,054,060 | ---- | C] () -- C:\WINDOWS\nick.ini
[2009/04/02 18:53:49 | 000,030,848 | ---- | C] () -- C:\WINDOWS\servers.ini
[2009/04/02 18:53:49 | 000,028,000 | ---- | C] () -- C:\WINDOWS\ident.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\isim.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\email.ini
[2009/04/02 18:53:49 | 000,003,535 | ---- | C] () -- C:\WINDOWS\script1.ini
[2009/04/02 18:53:49 | 000,003,318 | ---- | C] () -- C:\WINDOWS\mirc.ini
[2009/04/02 18:53:49 | 000,000,910 | ---- | C] () -- C:\WINDOWS\netdep.ini
[2009/04/02 18:53:49 | 000,000,840 | ---- | C] () -- C:\WINDOWS\script.ini
[2009/04/02 18:53:49 | 000,000,368 | ---- | C] () -- C:\WINDOWS\script2.ini
[2009/04/02 18:53:49 | 000,000,326 | ---- | C] () -- C:\WINDOWS\remote.ini
[2009/04/02 18:53:49 | 000,000,285 | ---- | C] () -- C:\WINDOWS\aliases.ini
[2009/04/02 18:53:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\perform.ini
[2009/04/02 18:53:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\dos.ini
[2009/04/02 18:53:49 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SCRNCAM.ini
[2009/04/02 18:53:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\tmon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\umon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dmon.ini
[2009/04/02 18:53:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\one.ini
[2009/03/04 12:47:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/09/27 18:42:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/21 00:19:01 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/13 20:45:02 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/01 18:03:15 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Ef.INI
[2007/04/23 13:15:16 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:32:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/02/05 23:50:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/05 23:50:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/24 00:04:40 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/08 00:52:22 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/11/08 00:52:22 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/11/08 00:52:22 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/11/08 00:52:22 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2006/11/08 00:52:22 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/07/15 16:02:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/29 22:47:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/31 20:40:51 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/05/22 23:40:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/05/22 23:34:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/05/22 19:43:00 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2005/08/28 12:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/01 22:58:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/25 20:19:33 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/04/02 00:19:12 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/04/02 00:18:57 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/03/28 16:47:23 | 000,018,542 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/27 23:13:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 21:26:34 | 000,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/03/27 20:50:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/03/27 20:45:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/03/27 20:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/27 18:28:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/03 23:56:44 | 000,002,112 | ---- | C] () -- C:\WINDOWS\System32\b44itwnw.dll
[2004/03/31 17:13:32 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2004/03/31 17:13:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/03/31 17:13:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/03/31 17:13:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/03/31 17:13:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/03/31 17:13:30 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2004/03/31 17:13:30 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/03/27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/04/05 16:40:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/06/28 12:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IMSIDesign
[2010/06/26 12:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2005/03/27 16:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/06/10 01:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/07/16 01:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2009/11/07 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/08 16:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/05/12 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/04/07 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2010/04/08 15:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/02/23 17:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/08/07 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/25 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/07/28 19:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/21 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/12/14 03:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/31 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/05 22:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/27 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/24 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2008/09/21 00:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/16 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/20 00:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 23:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/03 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\AltrixSoft
[2007/09/11 19:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Applied Acoustics Systems
[2010/05/26 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Audacity
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Autodesk
[2010/07/29 22:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\BitTorrent
[2008/09/28 17:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/04 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools Lite
[2006/03/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DataLayer
[2008/06/19 00:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeepBurner
[2009/11/05 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeviceDoctorSoftware
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\eBay
[2006/06/25 14:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Elaborate Bytes
[2007/06/18 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\FlashFXP
[2007/05/10 00:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\ImgBurn
[2010/04/07 18:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IMSIDesign
[2005/04/02 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IsolatedStorage
[2006/02/14 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Leadertech
[2007/06/21 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Learn2.com
[2007/05/08 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\MSNInstaller
[2008/07/27 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Nokia
[2008/08/07 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\NSeries
[2008/07/27 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PC Suite
[2010/07/29 23:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2008/02/05 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SlySoft
[2010/05/14 23:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/06/10 02:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 02:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2006/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Steinberg
[2010/02/10 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SystemRequirementsLab
[2008/09/05 22:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TomTom
[2006/05/19 17:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TrojanHunter
[2010/04/08 17:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Uniblue
[2009/08/24 22:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Virgin Broadband
[2010/05/02 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Vso
[2007/09/11 20:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Waves Audio
[2008/01/25 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WholeSecurity
[2010/04/08 00:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WinBatch
[2003/01/02 00:32:39 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/28 12:17:27 | 000,001,056 | -HS- | M] () -- C:\2lwjovma.sys
[2009/12/14 11:32:23 | 000,000,095 | ---- | M] () -- C:\a.ini
[2005/03/27 16:04:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/12 19:10:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2005/03/27 16:04:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/23 20:19:23 | 000,000,227 | ---- | M] () -- C:\CtDrvIns.log
[2007/08/23 20:19:23 | 000,018,604 | ---- | M] () -- C:\CtDrvStp.log
[2006/05/23 21:30:50 | 000,000,000 | ---- | M] () -- C:\debug.txt
[2009/12/14 13:04:35 | 000,021,129 | ---- | M] () -- C:\dvddebug.txt
[2009/12/14 11:33:05 | 000,029,162 | ---- | M] () -- C:\dvddebugfinal.txt
[2005/08/21 08:14:33 | 000,000,047 | ---- | M] () -- C:\GESYSTEM.LOG
[2005/03/27 16:04:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/30 18:50:14 | 000,000,420 | -H-- | M] () -- C:\IPH.PH
[2005/08/21 08:14:33 | 000,000,047 | ---- | M] () -- C:\MEM.LOG
[2005/03/27 16:04:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/10/10 20:09:31 | 000,000,000 | ---- | M] () -- C:\MyCompSettings_debug.txt
[2004/08/03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 14:18:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/12/31 01:14:30 | 001,618,688 | ---- | M] () -- C:\OPCUploaderLog - II.txt
[2005/12/31 01:14:30 | 000,710,652 | ---- | M] () -- C:\OPCUploaderLog.txt
[2003/01/02 00:32:16 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2008/01/24 00:43:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/01/25 18:32:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/07/02 23:15:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/01 02:28:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/19 10:16:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/19 10:20:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/06 00:49:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/03 12:50:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/03 12:53:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/03 12:54:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/03 12:58:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/03 13:00:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/10 00:11:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/13 01:20:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/26 22:10:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/01/24 00:43:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/01/25 18:32:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/07/02 23:15:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/01 02:28:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/19 10:16:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/19 10:20:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/06 00:49:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/03 12:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/03 12:53:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/03 12:54:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/03 12:58:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/03 13:00:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/10 00:11:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/13 01:20:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/26 22:10:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/05/14 18:41:36 | 000,001,238 | ---- | M] () -- C:\sti.log
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2006/11/12 19:18:36 | 000,000,029 | ---- | M] () -- C:\wizard.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/03/27 16:03:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/07/22 21:52:58 | 000,232,784 | ---- | M] (MacSourcery) -- C:\WINDOWS\Matrix Code.scr
[2005/03/27 23:57:59 | 000,401,508 | ---- | M] (MacSourcery) -- C:\WINDOWS\U2 - SLANE (Blue).scr
[2005/03/27 23:58:06 | 000,401,508 | ---- | M] (MacSourcery) -- C:\WINDOWS\U2 - SLANE (Red).scr
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/02/28 20:35:49 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Erich\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/07/31 19:56:27 | 043,627,008 | ---- | M] () -- C:\Program Files\CIS_Setup.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/03/27 16:44:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/27 16:44:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/27 16:44:17 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-30 23:53:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99671BE2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD34FE88
< End of report >




OTL Extras logfile created on: 31/07/2010 20:05:49 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Erich\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.76 Gb Total Space | 3.35 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
Drive D: | 39.55 Gb Total Space | 32.49 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 59.77 Gb Total Space | 4.46 Gb Free Space | 7.47% Space Free | Partition Type: NTFS
Drive F: | 59.84 Gb Total Space | 12.69 Gb Free Space | 21.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-1
Current User Name: Erich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ư\†Đ=ŸàÛ±̃" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8668:TCP" = 8668:TCP:*:Enabled:BitComet 8668 TCP
"8668:UDP" = 8668:UDP:*:Enabled:BitComet 8668 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"F:\FlashFXP\FlashFXP.exe" = F:\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"F:\FlashFXP\FlashFXP.exe" = F:\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\DOCUME~1\Erich\LOCALS~1\Temp\IXP000.TMP\vc.exe" = C:\DOCUME~1\Erich\LOCALS~1\Temp\IXP000.TMP\vc.exe:*:Enabled:Windows Application Service -- File not found
"C:\DOCUME~1\Erich\LOCALS~1\Temp\IXP001.TMP\vc.exe" = C:\DOCUME~1\Erich\LOCALS~1\Temp\IXP001.TMP\vc.exe:*:Enabled:Windows Application Service -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\Erich\Local Settings\Temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Erich\Local Settings\Temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Sun\SDK\Java\jdk\bin\java.exe" = C:\Sun\SDK\Java\jdk\bin\java.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Documents and Settings\Erich\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows.exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Erich\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Sun\SDK\jdk\bin\java.exe" = C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = KeyMail Decoder
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26022CEC-C8C4-485B-B5CB-1D65A6C387D5}" = DVConnect
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28E5956B-DBA5-4C14-A97D-79220CCB1FB9}" = ConvertX 3.8.0.193f
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.60
"{5B88B667-D3AF-4750-A2AE-B60D66B5249E}" = IE Internet Helper
"{61CC67B1-6FE9-433F-93B2-32D2BCC76990}" = TurboCAD Professional 16
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = MicroStar Bluetooth Software
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Absolute Fretboard Trainer PRO" = Absolute Fretboard Trainer PRO
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Applied Accoustics UltraAnalog VA-1 v1.01" = Applied Accoustics UltraAnalog VA-1 v1.01
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioCS" = Creative Audio Console
"BitTorrent" = BitTorrent
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"CDRW Drive Update" = Creative CD Burner Drive Update
"CheckIt Diagnostics" = CheckIt Diagnostics
"CloneDVD2" = CloneDVD2
"Doro_is1" = Doro 1.45
"Elantech" = ETDWare PS/2-x86 7.0.5.2 WHQL
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mRouterRuntime" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Battery 3" = Native Instruments Battery 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure
"SEMC OMSI Module" = SEMC OMSI Module
"SHOWCASE" = Feature Showcase Demo
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SuperOthello1.3" = SuperOthello
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.4.1962
"Uninstaller_B224D000_Freeloader Subscription" = Freeloader Subscription (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XviD" = XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/07/2010 15:03:12 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 28/07/2010 15:02:32 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 28/07/2010 15:03:46 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 28/07/2010 15:03:46 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 28/07/2010 15:04:24 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 28/07/2010 16:59:56 | Computer Name = HAPPY-1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module xvid.dll, version 0.0.0.0, fault address 0x000077a1.

Error - 29/07/2010 15:02:42 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 29/07/2010 15:04:18 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 29/07/2010 15:04:18 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

Error - 29/07/2010 15:05:00 | Computer Name = HAPPY-1 | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 30/07/2010 06:09:04 | Computer Name = HAPPY-1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 30/07/2010 06:09:12 | Computer Name = HAPPY-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PQIMount

Error - 30/07/2010 15:02:37 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB2202122).

Error - 30/07/2010 15:03:30 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office Access 2003 (KB981716).

Error - 30/07/2010 15:06:01 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office Outlook 2003 (KB980373).

Error - 30/07/2010 19:52:30 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB2202122).

Error - 30/07/2010 19:53:18 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office Access 2003 (KB981716).

Error - 30/07/2010 19:53:36 | Computer Name = HAPPY-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office Outlook 2003 (KB980373).

Error - 31/07/2010 06:05:01 | Computer Name = HAPPY-1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 31/07/2010 06:05:07 | Computer Name = HAPPY-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PQIMount


< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see what this does

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Erich\LOCALS~1\Temp\iMSPQMn.sys -- (iMSPQMn)
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7779CE3D-7639-9238-AB7A-813DB593B530}&q="
    O1 - Hosts: 66.98.136.25 auto.search.msn.es
    O1 - Hosts: 66.98.136.25 pagead2.googlesyndication.com
    O1 - Hosts: om
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
    O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [RemoteCenter] File not found
    O4 - HKU\S-1-5-21-776561741-2049760794-682003330-1003..\Run: [RemoteControl] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2005/08/28 12:17:27 | 000,001,056 | -HS- | M] () -- C:\2lwjovma.sys
    [2009/12/14 11:32:23 | 000,000,095 | ---- | M] () -- C:\a.ini
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ư\†Đ=ŸàÛ±̃"=- 
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
Erichw

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 31/07/2010 22:12:06 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Erich\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.76 Gb Total Space | 3.45 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
Drive D: | 39.55 Gb Total Space | 32.49 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 59.77 Gb Total Space | 4.46 Gb Free Space | 7.47% Space Free | Partition Type: NTFS
Drive F: | 59.84 Gb Total Space | 12.69 Gb Free Space | 21.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-1
Current User Name: Erich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
PRC - [2010/07/25 09:41:18 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/25 09:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
PRC - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
PRC - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/01/27 18:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/09 12:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AOLService)
SRV - [2010/06/15 00:31:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/05 21:44:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/17 22:14:01 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe -- (Freeloader Subscription Service)
SRV - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Erich\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/11/08 00:01:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/30 16:32:20 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/02/22 18:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/03 05:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/07 20:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/08/09 16:08:10 | 000,007,278 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/01 23:43:14 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/03/31 17:13:34 | 000,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/03/31 17:13:32 | 000,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/03/31 17:13:32 | 000,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/31 17:13:32 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/03/31 17:13:30 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/02/24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/03/25 18:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 16:14:46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 18:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 16:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2....en-GB:official"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.21.3
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/28 17:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 09:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 09:41:38 | 000,000,000 | ---D | M]

[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions
[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions\[email protected]
[2010/07/30 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 23:54:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/04/18 18:10:13 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2010/06/07 14:39:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/24 12:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/24 12:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/30 22:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 12:09:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 16:17:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 16:17:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 16:17:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 16:17:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/31 21:46:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-776561741-2049760794-682003330-1003..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = DF 00 00 00 [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc....kup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by21fd.bay21....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1135809803691 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.planning...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15023/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/27 16:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 09:59:28 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{f8a4ad61-9ed4-11d9-9342-806d6172696f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- [2008/04/14 05:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 21:46:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/30 22:22:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erich\Recent
[2010/07/30 00:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/29 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2010/07/29 21:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/26 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\DoroPDFWriter
[2010/07/21 17:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 17:19:19 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2010/07/16 11:32:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/16 01:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/12 14:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/07/11 16:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/07/07 16:24:45 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/07/07 16:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\nvidia icons
[2010/07/07 16:07:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/01 13:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/21 10:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Defrag Reports
[2010/06/17 10:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint 5.5
[2010/06/15 01:38:35 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2010/06/15 00:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/15 00:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/10 02:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\My Podcasts
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Media Go
[2010/06/10 02:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/06/10 02:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/06/10 02:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/06/10 02:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2010/06/10 02:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 01:42:10 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010/06/10 01:42:10 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010/06/10 01:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Ericsson
[2010/06/10 01:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Sony Ericsson
[2010/06/10 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/06/10 01:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony Ericsson
[2010/06/10 01:24:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeFB.dll
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/05/14 23:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/05/05 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2010/05/04 17:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Autodesk
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Autodesk
[2010/05/03 14:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/03/27 17:19:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/03/27 17:19:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/31 21:56:18 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/31 21:56:17 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/31 21:56:15 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/31 21:54:37 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/31 21:54:17 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/31 21:54:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 21:54:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 21:54:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 21:51:47 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Erich\ntuser.dat
[2010/07/31 21:51:47 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 21:51:47 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 21:51:47 | 000,031,608 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 21:51:47 | 000,031,608 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 21:51:47 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/07/31 21:48:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Erich\ntuser.ini
[2010/07/31 21:46:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/31 19:56:27 | 043,627,008 | ---- | M] () -- C:\Program Files\CIS_Setup.msi
[2010/07/31 16:47:07 | 005,557,912 | -H-- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\IconCache.db
[2010/07/31 16:47:07 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.CDF
[2010/07/31 16:47:07 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/07/30 22:21:31 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 22:51:33 | 000,006,548 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/28 14:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/26 15:00:34 | 000,159,014 | ---- | M] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/24 11:51:39 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/07/21 17:27:10 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:27:10 | 000,000,025 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:27:09 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/08 11:30:00 | 000,054,808 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/07 23:02:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\CCleaner.lnk
[2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/06/28 18:57:40 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 17:35:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/26 17:10:52 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/24 13:01:38 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/24 11:22:49 | 007,368,736 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/24 11:22:49 | 000,876,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/24 11:22:49 | 000,062,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/24 11:22:49 | 000,008,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/10 03:46:58 | 000,000,725 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/10 02:42:18 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/10 01:24:31 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeFB.dll
[2010/06/04 01:03:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\SpywareBlaster.lnk
[2010/06/02 22:33:56 | 000,000,166 | ---- | M] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/06/02 13:52:40 | 000,000,196 | ---- | M] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/14 23:54:48 | 000,939,676 | ---- | M] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/09 03:10:27 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\vso_ts_preview.xml
[2010/05/06 21:17:14 | 000,000,023 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2010/05/06 21:17:14 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini
[2010/05/06 21:17:14 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini
[2010/05/06 14:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/04 18:51:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\AVSDVDPlayer.m3u
[2010/05/04 18:11:00 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 00:30:49 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/07/30 00:14:25 | 043,627,008 | ---- | C] () -- C:\Program Files\CIS_Setup.msi
[2010/07/26 15:00:33 | 000,159,014 | ---- | C] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/21 17:19:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:19:19 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:22 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/12 18:16:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/07 14:32:14 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/07/07 14:32:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/07/07 14:32:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/07/07 14:32:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/07/07 14:32:12 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/07/07 14:32:11 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/07/07 14:32:09 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/07/07 14:32:00 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/07 14:31:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/07/07 14:31:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/07/01 13:07:45 | 000,006,548 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/10 02:42:18 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/02 13:52:40 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/06/02 13:52:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/05/14 23:54:47 | 000,939,676 | ---- | C] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/06 21:17:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/05/06 21:17:14 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/05/06 21:17:14 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/05/06 14:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/05 21:20:06 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/05/04 18:11:00 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[2010/04/08 00:25:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/04/08 00:25:17 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/12/14 03:23:26 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/12/14 03:23:25 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2009/12/14 03:23:24 | 001,015,128 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2009/12/14 03:23:24 | 000,369,152 | ---- | C] () -- C:\WINDOWS\System32\cygfreetype-6.dll
[2009/12/14 03:23:24 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\cygpng12.dll
[2009/11/05 22:32:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/08/30 22:21:04 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/04/02 18:53:49 | 000,054,060 | ---- | C] () -- C:\WINDOWS\nick.ini
[2009/04/02 18:53:49 | 000,030,848 | ---- | C] () -- C:\WINDOWS\servers.ini
[2009/04/02 18:53:49 | 000,028,000 | ---- | C] () -- C:\WINDOWS\ident.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\isim.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\email.ini
[2009/04/02 18:53:49 | 000,003,535 | ---- | C] () -- C:\WINDOWS\script1.ini
[2009/04/02 18:53:49 | 000,003,318 | ---- | C] () -- C:\WINDOWS\mirc.ini
[2009/04/02 18:53:49 | 000,000,910 | ---- | C] () -- C:\WINDOWS\netdep.ini
[2009/04/02 18:53:49 | 000,000,840 | ---- | C] () -- C:\WINDOWS\script.ini
[2009/04/02 18:53:49 | 000,000,368 | ---- | C] () -- C:\WINDOWS\script2.ini
[2009/04/02 18:53:49 | 000,000,326 | ---- | C] () -- C:\WINDOWS\remote.ini
[2009/04/02 18:53:49 | 000,000,285 | ---- | C] () -- C:\WINDOWS\aliases.ini
[2009/04/02 18:53:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\perform.ini
[2009/04/02 18:53:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\dos.ini
[2009/04/02 18:53:49 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SCRNCAM.ini
[2009/04/02 18:53:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\tmon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\umon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dmon.ini
[2009/04/02 18:53:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\one.ini
[2009/03/04 12:47:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/09/27 18:42:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/21 00:19:01 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/13 20:45:02 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/01 18:03:15 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Ef.INI
[2007/04/23 13:15:16 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:32:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/02/05 23:50:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/05 23:50:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/24 00:04:40 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/08 00:52:22 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/11/08 00:52:22 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/11/08 00:52:22 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/11/08 00:52:22 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2006/11/08 00:52:22 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/07/15 16:02:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/29 22:47:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/31 20:40:51 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/05/22 23:40:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/05/22 23:34:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/05/22 19:43:00 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2005/08/28 12:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/01 22:58:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/25 20:19:33 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/04/02 00:19:12 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/04/02 00:18:57 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/03/28 16:47:23 | 000,018,542 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/27 23:13:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 21:26:34 | 000,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/03/27 20:50:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/03/27 20:45:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/03/27 20:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/27 18:28:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/03 23:56:44 | 000,002,112 | ---- | C] () -- C:\WINDOWS\System32\b44itwnw.dll
[2004/03/31 17:13:32 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2004/03/31 17:13:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/03/31 17:13:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/03/31 17:13:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/03/31 17:13:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/03/31 17:13:30 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2004/03/31 17:13:30 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/03/27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/04/05 16:40:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/06/28 12:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IMSIDesign
[2010/06/26 12:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2005/03/27 16:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/06/10 01:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/07/16 01:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2009/11/07 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/08 16:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/05/12 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/04/07 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2010/04/08 15:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/02/23 17:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/08/07 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/25 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/07/28 19:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/21 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/12/14 03:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/31 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/05 22:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/27 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/24 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2008/09/21 00:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/16 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/20 00:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 23:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/03 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\AltrixSoft
[2007/09/11 19:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Applied Acoustics Systems
[2010/05/26 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Audacity
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Autodesk
[2010/07/29 22:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\BitTorrent
[2008/09/28 17:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/04 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools Lite
[2006/03/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DataLayer
[2008/06/19 00:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeepBurner
[2009/11/05 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeviceDoctorSoftware
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\eBay
[2006/06/25 14:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Elaborate Bytes
[2007/06/18 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\FlashFXP
[2007/05/10 00:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\ImgBurn
[2010/04/07 18:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IMSIDesign
[2005/04/02 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IsolatedStorage
[2006/02/14 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Leadertech
[2007/06/21 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Learn2.com
[2007/05/08 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\MSNInstaller
[2008/07/27 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Nokia
[2008/08/07 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\NSeries
[2008/07/27 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PC Suite
[2010/07/29 23:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2008/02/05 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SlySoft
[2010/05/14 23:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/06/10 02:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 02:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2006/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Steinberg
[2010/02/10 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SystemRequirementsLab
[2008/09/05 22:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TomTom
[2006/05/19 17:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TrojanHunter
[2010/04/08 17:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Uniblue
[2009/08/24 22:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Virgin Broadband
[2010/05/02 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Vso
[2007/09/11 20:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Waves Audio
[2008/01/25 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WholeSecurity
[2010/04/08 00:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WinBatch
[2010/07/31 21:54:17 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99671BE2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD34FE88
< End of report >
  • 0

#8
Erichw

    Member

  • Topic Starter
  • Member
  • 19 posts
Here is the Malware log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/07/2010 23:14:23
mbam-log-2010-07-31 (23-14-23).txt

Scan type: Quick scan
Objects scanned: 142207
Time elapsed: 42 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks better - one final programme to run I feel - On completion of this run can you let me know what problems remain

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
Erichw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi here is the log:


ComboFix 10-07-31.04 - Erich 01/08/2010 11:54:53.1.1 - x86
Running from: c:\documents and settings\Erich\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpeFB.dll
c:\documents and settings\Erich\Application Data\inst.exe
c:\program files\outlook
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\daemon.dll
c:\windows\mirc.ini
c:\windows\remote.ini
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
F:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-31 21:24 . 2010-07-31 21:24 -------- d-----w- c:\documents and settings\Erich\Application Data\Malwarebytes
2010-07-31 21:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 21:23 . 2010-07-31 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-31 21:23 . 2010-07-31 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 21:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 20:46 . 2010-07-31 20:46 -------- d-----w- C:\_OTL
2010-07-29 23:14 . 2010-07-31 18:56 43627008 ----a-w- c:\program files\CIS_Setup.msi
2010-07-29 23:13 . 2010-07-29 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-29 22:27 . 2010-07-29 22:28 -------- d-----w- c:\documents and settings\Erich\Application Data\PCFix
2010-07-29 20:59 . 2010-07-29 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-26 13:57 . 2010-07-26 13:57 -------- d-----w- c:\program files\DoroPDFWriter
2010-07-21 16:19 . 2010-07-21 16:27 25 ----a-w- c:\windows\wpd99.drv
2010-07-21 16:19 . 2010-07-21 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-07-21 16:19 . 2010-07-21 16:27 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-07-21 16:19 . 2010-07-21 16:27 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-07-21 16:19 . 2010-07-21 16:24 -------- d-----w- c:\program files\pdf995
2010-07-16 11:04 . 2010-07-16 11:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-16 00:40 . 2010-07-16 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CADProfi
2010-07-14 11:06 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 17:15 . 2010-07-12 17:20 -------- d-----w- c:\program files\RegCure
2010-07-12 17:15 . 2010-07-12 17:15 -------- d-----w- c:\windows\RegCure
2010-07-12 13:52 . 2010-07-12 13:52 -------- d-----w- c:\program files\PowerISO
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\program files\XviD
2010-07-07 15:24 . 2010-07-06 10:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-07 15:12 . 2010-07-07 15:12 -------- d-----w- c:\windows\nvidia icons
2010-07-07 15:08 . 2008-04-30 16:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-07 15:07 . 2010-07-07 15:11 -------- d-----w- C:\NVIDIA
2010-07-07 13:31 . 2008-05-03 04:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 13:31 . 2008-05-03 04:46 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 1703936 ----a-w- c:\windows\system32\nvwdmcpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 13:31 . 2008-05-03 04:46 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 13:31 . 2008-05-03 04:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 8769536 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-07 13:31 . 2008-05-03 04:46 41984 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-07 13:31 . 2008-05-03 04:46 41984 ----a-w- c:\windows\system32\nvcod.dll
2010-07-07 13:31 . 2008-05-03 04:46 159812 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-07 13:04 . 2008-05-03 04:46 6554496 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-07 13:04 . 2008-05-03 04:46 6554496 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-07-07 13:04 . 2008-05-03 04:46 6108160 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-07 13:04 . 2004-01-29 08:45 4163968 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-07-06 10:15 . 2010-07-07 15:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\eSupport.com
2010-07-05 18:22 . 2010-07-05 22:15 -------- d-----w- c:\documents and settings\Administrator\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 22:18 . 2010-07-31 22:18 0 --sh--w- c:\windows\S3EB99085.tmp
2010-07-31 11:59 . 2008-09-30 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-29 21:58 . 2008-11-17 21:48 -------- d-----w- c:\program files\MSECache
2010-07-29 21:38 . 2010-02-22 20:36 -------- d-----w- c:\documents and settings\Erich\Application Data\BitTorrent
2010-07-16 00:43 . 2005-03-27 16:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 11:02 . 2006-05-19 20:13 -------- d-----w- c:\program files\SpywareBlaster
2010-07-12 12:55 . 2010-05-03 13:21 -------- d-----w- c:\documents and settings\Erich\Application Data\Autodesk
2010-07-12 12:55 . 2010-05-03 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-07-11 14:56 . 2007-06-25 15:09 -------- d-----w- c:\program files\Native Instruments
2010-07-11 08:45 . 2008-09-27 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-08 10:30 . 2005-03-27 16:03 54808 ----a-w- c:\documents and settings\Erich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 22:02 . 2006-05-18 18:36 -------- d-----w- c:\program files\CCleaner
2010-07-07 15:29 . 2007-02-05 22:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-01 21:50 . 2010-07-01 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-07-01 19:37 . 2010-03-20 22:39 -------- d-----w- c:\program files\iTunes
2010-06-28 19:42 . 2010-06-26 19:30 54808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 11:59 . 2010-06-28 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\IMSIDesign
2010-06-26 19:03 . 2010-06-26 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2010-06-26 11:33 . 2010-06-26 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2010-06-24 10:22 . 2009-01-31 18:08 876576 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-24 10:22 . 2009-01-31 18:08 8268 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-24 10:22 . 2009-01-31 18:08 7368736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-24 10:22 . 2009-01-31 18:08 62840 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-17 09:40 . 2010-06-17 09:40 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5
2010-06-14 23:55 . 2010-06-14 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-14 23:31 . 2005-03-27 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-14 23:31 . 2010-06-14 23:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-14 19:01 . 2010-06-14 19:01 -------- d-----w- c:\program files\TomTom International B.V
2010-06-14 14:31 . 2005-03-27 15:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 01:42 . 2010-06-10 01:34 -------- d-----w- c:\documents and settings\Erich\Application Data\Sony
2010-06-10 01:42 . 2010-06-10 01:42 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-10 01:41 . 2010-06-10 01:40 -------- d-----w- c:\program files\Sony
2010-06-10 01:40 . 2010-06-10 01:40 10134 ----a-r- c:\documents and settings\Erich\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-10 01:40 . 2010-06-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-06-10 01:34 . 2010-06-10 01:34 -------- d-----w- c:\documents and settings\Erich\Application Data\Sony Setup
2010-06-10 01:03 . 2010-06-10 01:03 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQFlash.dll
2010-06-10 01:03 . 2010-06-10 01:03 1772664 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQ.dll
2010-06-10 01:03 . 2010-06-10 01:03 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\59\1\.cp\lib\MemStickFlash.dll
2010-06-10 01:01 . 2010-06-10 01:01 81016 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\S1SLEngineWrapper.dll
2010-06-10 01:01 . 2010-06-10 01:01 101496 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\80\1\.cp\lib\USBFlash.dll
2010-06-10 00:59 . 2010-06-10 00:59 56440 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\73\1\.cp\lib\sef3x1Controller.dll
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-06-10 00:43 . 2010-06-10 00:43 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\82\1\.cp\lib\WinMobileWrapper.dll
2010-06-10 00:43 . 2010-06-10 00:43 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\65\1\.cp\lib\osds.dll
2010-06-10 00:42 . 2010-06-10 00:42 89208 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\78\1\.cp\lib\UAC.dll
2010-06-10 00:42 . 2010-06-10 00:42 323648 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-06-10 00:42 . 2010-06-10 00:42 158840 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-06-10 00:42 . 2010-06-10 00:42 154744 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-06-10 00:42 . 2010-06-10 00:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-06-10 00:42 . 2010-06-10 00:42 216184 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\67\1\.cp\lib\RegistryReader.dll
2010-06-10 00:42 . 2010-06-10 00:42 117880 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-06-10 00:41 . 2010-06-10 00:41 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-06-10 00:40 . 2010-06-10 00:24 -------- d-----w- c:\program files\Sony Ericsson
2010-06-10 00:39 . 2010-06-10 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-06-10 00:27 . 2010-06-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-06-07 14:52 . 2010-04-07 16:56 -------- d-----w- c:\program files\TurboCAD Pro 16.2
2010-06-05 11:07 . 2009-09-19 09:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 15:35 . 2010-05-27 15:35 503808 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\msvcp71.dll
2010-05-27 15:35 . 2010-05-27 15:35 499712 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\jmc.dll
2010-05-27 15:35 . 2010-05-27 15:35 348160 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\msvcr71.dll
2010-05-27 15:35 . 2010-05-27 15:35 61440 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1f4a2f54-n\decora-sse.dll
2010-05-27 15:35 . 2010-05-27 15:35 12800 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1f4a2f54-n\decora-d3d.dll
2010-05-06 13:54 . 2010-05-06 13:54 0 ----a-w- c:\windows\nsreg.dat
2010-05-06 10:41 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2008-06-30 12:44 . 2008-09-21 15:57 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Mozilla Firefox\firefox.exe" [2010-07-25 910296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA111 Configuration Utility.lnk]
backup=c:\windows\pss\MA111 Configuration Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Erich^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erich^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverGenius
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-04-03 15:44 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-03 21:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-02 09:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-03-30 12:04 418816 ----a-w- c:\program files\Elantech\ETDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 13:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 04:46 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-06-12 08:47 135168 ----a-w- c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 17:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 15:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-05-07 12:36 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
2009-09-29 14:44 59184 ----a-w- c:\program files\Uniblue\RegistryBooster 2010\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"rpcapd"=2 (0x2)
"MA_CMIDI_InstallerService"=2 (0x2)
"Maxtor Sync Service"=2 (0x2)
"iPod Service"=3 (0x3)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOLService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Freeloader Subscription Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8668:TCP"= 8668:TCP:BitComet 8668 TCP
"8668:UDP"= 8668:UDP:BitComet 8668 UDP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27/03/2005 17:19 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27/03/2005 17:19 5248]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [02/04/2005 15:43 3744]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [03/06/2010 18:33 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [03/06/2010 18:33 162936]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [02/04/2005 15:43 3904]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [10/06/2010 01:24 90112]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 13:36 92008]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
S0 PQV2i;PQV2i; [x]
S1 PQIMount;PQIMount; [x]
S3 Amsras;Amsras; [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [05/11/2009 21:44 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [07/07/2010 16:24 23456]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [05/11/2009 22:17 129024]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/06/2010 01:42 13224]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\DRIVERS\MA111nd5.sys --> c:\windows\system32\DRIVERS\MA111nd5.sys [?]
S4 Freeloader Subscription Service;Freeloader Subscription Service;c:\program files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe [17/01/2007 22:14 68096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/09/2008 18:42 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2010-07-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.planningandprojects.co.uk/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Broadbandadvisor - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FC2E68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x89fc2e68
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7881b0a
PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
SendHandler -> NDIS.sys @ 0xf7881949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-08-01 12:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 11:18

Pre-Run: 3,763,949,568 bytes free
Post-Run: 3,755,372,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 19EBAEE91D97878173A0E364030DAE84
  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

MBR::


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

#12
Erichw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi just checking whether the code in code box is complete as this seems very short...?

Also, can I now install Kaspersky before these final checks?
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, that is correct. I am just checking the MBR this time :)

I feel it is OK but I just need to be sure
  • 0

#14
Erichw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
ComboFix 10-07-31.04 - Erich 01/08/2010 18:03:53.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1670 [GMT 1:00]
Running from: c:\documents and settings\Erich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erich\My Documents\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Erich\.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-31 21:24 . 2010-07-31 21:24 -------- d-----w- c:\documents and settings\Erich\Application Data\Malwarebytes
2010-07-31 21:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 21:23 . 2010-07-31 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-31 21:23 . 2010-07-31 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 21:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 20:46 . 2010-07-31 20:46 -------- d-----w- C:\_OTL
2010-07-29 23:14 . 2010-07-31 18:56 43627008 ----a-w- c:\program files\CIS_Setup.msi
2010-07-29 23:13 . 2010-07-29 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-29 22:27 . 2010-07-29 22:28 -------- d-----w- c:\documents and settings\Erich\Application Data\PCFix
2010-07-29 20:59 . 2010-07-29 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-26 13:57 . 2010-07-26 13:57 -------- d-----w- c:\program files\DoroPDFWriter
2010-07-21 16:19 . 2010-07-21 16:27 25 ----a-w- c:\windows\wpd99.drv
2010-07-21 16:19 . 2010-07-21 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-07-21 16:19 . 2010-07-21 16:27 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-07-21 16:19 . 2010-07-21 16:27 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-07-21 16:19 . 2010-07-21 16:24 -------- d-----w- c:\program files\pdf995
2010-07-16 11:04 . 2010-07-16 11:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-16 00:40 . 2010-07-16 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CADProfi
2010-07-14 11:06 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 17:15 . 2010-07-12 17:20 -------- d-----w- c:\program files\RegCure
2010-07-12 17:15 . 2010-07-12 17:15 -------- d-----w- c:\windows\RegCure
2010-07-12 13:52 . 2010-07-12 13:52 -------- d-----w- c:\program files\PowerISO
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\program files\XviD
2010-07-07 15:24 . 2010-07-06 10:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-07 15:12 . 2010-07-07 15:12 -------- d-----w- c:\windows\nvidia icons
2010-07-07 15:08 . 2008-04-30 16:27 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-07 15:07 . 2010-07-07 15:11 -------- d-----w- C:\NVIDIA
2010-07-07 13:31 . 2008-05-03 04:46 442368 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 13:31 . 2008-05-03 04:46 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 1703936 ----a-w- c:\windows\system32\nvwdmcpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 13:31 . 2008-05-03 04:46 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 13:31 . 2008-05-03 04:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 13:31 . 2008-05-03 04:46 8769536 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-07 13:31 . 2008-05-03 04:46 41984 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-07 13:31 . 2008-05-03 04:46 41984 ----a-w- c:\windows\system32\nvcod.dll
2010-07-07 13:31 . 2008-05-03 04:46 159812 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-07 13:04 . 2008-05-03 04:46 6554496 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-07 13:04 . 2008-05-03 04:46 6554496 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-07-07 13:04 . 2008-05-03 04:46 6108160 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-07 13:04 . 2004-01-29 08:45 4163968 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-07-06 10:15 . 2010-07-07 15:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\eSupport.com
2010-07-05 18:22 . 2010-07-05 22:15 -------- d-----w- c:\documents and settings\Administrator\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 22:18 . 2010-07-31 22:18 0 --sh--w- c:\windows\S3EB99085.tmp
2010-07-31 11:59 . 2008-09-30 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-29 21:58 . 2008-11-17 21:48 -------- d-----w- c:\program files\MSECache
2010-07-29 21:38 . 2010-02-22 20:36 -------- d-----w- c:\documents and settings\Erich\Application Data\BitTorrent
2010-07-16 00:43 . 2005-03-27 16:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 11:02 . 2006-05-19 20:13 -------- d-----w- c:\program files\SpywareBlaster
2010-07-12 12:55 . 2010-05-03 13:21 -------- d-----w- c:\documents and settings\Erich\Application Data\Autodesk
2010-07-12 12:55 . 2010-05-03 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-07-11 14:56 . 2007-06-25 15:09 -------- d-----w- c:\program files\Native Instruments
2010-07-11 08:45 . 2008-09-27 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-08 10:30 . 2005-03-27 16:03 54808 ----a-w- c:\documents and settings\Erich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 22:02 . 2006-05-18 18:36 -------- d-----w- c:\program files\CCleaner
2010-07-07 15:29 . 2007-02-05 22:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-01 21:50 . 2010-07-01 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-07-01 19:37 . 2010-03-20 22:39 -------- d-----w- c:\program files\iTunes
2010-06-28 19:42 . 2010-06-26 19:30 54808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 11:59 . 2010-06-28 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\IMSIDesign
2010-06-26 19:03 . 2010-06-26 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2010-06-26 11:33 . 2010-06-26 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2010-06-24 10:22 . 2009-01-31 18:08 876576 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-24 10:22 . 2009-01-31 18:08 8268 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-24 10:22 . 2009-01-31 18:08 7368736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-24 10:22 . 2009-01-31 18:08 62840 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-17 09:40 . 2010-06-17 09:40 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5
2010-06-14 23:55 . 2010-06-14 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-14 23:31 . 2005-03-27 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-14 23:31 . 2010-06-14 23:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-14 19:01 . 2010-06-14 19:01 -------- d-----w- c:\program files\TomTom International B.V
2010-06-14 14:31 . 2005-03-27 15:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 01:42 . 2010-06-10 01:34 -------- d-----w- c:\documents and settings\Erich\Application Data\Sony
2010-06-10 01:42 . 2010-06-10 01:42 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-10 01:41 . 2010-06-10 01:40 -------- d-----w- c:\program files\Sony
2010-06-10 01:40 . 2010-06-10 01:40 10134 ----a-r- c:\documents and settings\Erich\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-10 01:40 . 2010-06-10 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-06-10 01:34 . 2010-06-10 01:34 -------- d-----w- c:\documents and settings\Erich\Application Data\Sony Setup
2010-06-10 01:03 . 2010-06-10 01:03 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQFlash.dll
2010-06-10 01:03 . 2010-06-10 01:03 1772664 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQ.dll
2010-06-10 01:03 . 2010-06-10 01:03 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\59\1\.cp\lib\MemStickFlash.dll
2010-06-10 01:01 . 2010-06-10 01:01 81016 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\S1SLEngineWrapper.dll
2010-06-10 01:01 . 2010-06-10 01:01 101496 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\80\1\.cp\lib\USBFlash.dll
2010-06-10 00:59 . 2010-06-10 00:59 56440 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\73\1\.cp\lib\sef3x1Controller.dll
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-06-10 00:45 . 2010-06-10 00:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-06-10 00:43 . 2010-06-10 00:43 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\82\1\.cp\lib\WinMobileWrapper.dll
2010-06-10 00:43 . 2010-06-10 00:43 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\65\1\.cp\lib\osds.dll
2010-06-10 00:42 . 2010-06-10 00:42 89208 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\78\1\.cp\lib\UAC.dll
2010-06-10 00:42 . 2010-06-10 00:42 323648 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-06-10 00:42 . 2010-06-10 00:42 158840 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-06-10 00:42 . 2010-06-10 00:42 154744 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-06-10 00:42 . 2010-06-10 00:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-06-10 00:42 . 2010-06-10 00:42 216184 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\67\1\.cp\lib\RegistryReader.dll
2010-06-10 00:42 . 2010-06-10 00:42 117880 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-06-10 00:41 . 2010-06-10 00:41 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-06-10 00:40 . 2010-06-10 00:24 -------- d-----w- c:\program files\Sony Ericsson
2010-06-10 00:39 . 2010-06-10 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-06-10 00:27 . 2010-06-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-06-07 14:52 . 2010-04-07 16:56 -------- d-----w- c:\program files\TurboCAD Pro 16.2
2010-06-05 11:07 . 2009-09-19 09:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 15:35 . 2010-05-27 15:35 503808 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\msvcp71.dll
2010-05-27 15:35 . 2010-05-27 15:35 499712 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\jmc.dll
2010-05-27 15:35 . 2010-05-27 15:35 348160 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64772aa9-n\msvcr71.dll
2010-05-27 15:35 . 2010-05-27 15:35 61440 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1f4a2f54-n\decora-sse.dll
2010-05-27 15:35 . 2010-05-27 15:35 12800 ----a-w- c:\documents and settings\Erich\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1f4a2f54-n\decora-d3d.dll
2010-05-06 13:54 . 2010-05-06 13:54 0 ----a-w- c:\windows\nsreg.dat
2010-05-06 10:41 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2008-06-30 12:44 . 2008-09-21 15:57 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Mozilla Firefox\firefox.exe" [2010-07-25 910296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA111 Configuration Utility.lnk]
backup=c:\windows\pss\MA111 Configuration Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Erich^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erich^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-04-03 15:44 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-03 21:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-02 09:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-03-30 12:04 418816 ----a-w- c:\program files\Elantech\ETDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 13:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 04:46 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-06-12 08:47 135168 ----a-w- c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 17:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 15:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-05-07 12:36 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
2009-09-29 14:44 59184 ----a-w- c:\program files\Uniblue\RegistryBooster 2010\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"rpcapd"=2 (0x2)
"MA_CMIDI_InstallerService"=2 (0x2)
"Maxtor Sync Service"=2 (0x2)
"iPod Service"=3 (0x3)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOLService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Freeloader Subscription Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8668:TCP"= 8668:TCP:BitComet 8668 TCP
"8668:UDP"= 8668:UDP:BitComet 8668 UDP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27/03/2005 17:19 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27/03/2005 17:19 5248]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [02/04/2005 15:43 3744]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [03/06/2010 18:33 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [03/06/2010 18:33 162936]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [02/04/2005 15:43 3904]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [10/06/2010 01:24 90112]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 13:36 92008]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
S0 PQV2i;PQV2i; [x]
S1 PQIMount;PQIMount; [x]
S3 Amsras;Amsras; [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [05/11/2009 21:44 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [07/07/2010 16:24 23456]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [05/11/2009 22:17 129024]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/06/2010 01:42 13224]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\DRIVERS\MA111nd5.sys --> c:\windows\system32\DRIVERS\MA111nd5.sys [?]
S4 Freeloader Subscription Service;Freeloader Subscription Service;c:\program files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe [17/01/2007 22:14 68096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/09/2008 18:42 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2010-07-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.planningandprojects.co.uk/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 18:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FE5130]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x89fe5130
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7881b0a
PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
SendHandler -> NDIS.sys @ 0xf7881949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-08-01 18:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 17:26
ComboFix2.txt 2010-08-01 11:18

Pre-Run: 3,761,209,344 bytes free
Post-Run: 3,739,906,048 bytes free

- - End Of File - - EE2A969DE526D4A30F904F4EAD66E9D3

#15
Erichw

Here is the OTL scan:


OTL logfile created on: 01/08/2010 18:36:14 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Erich\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.76 Gb Total Space | 3.52 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive D: | 39.55 Gb Total Space | 32.49 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 59.77 Gb Total Space | 4.47 Gb Free Space | 7.47% Space Free | Partition Type: NTFS
Drive F: | 59.84 Gb Total Space | 17.07 Gb Free Space | 28.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-1
Current User Name: Erich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
PRC - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
PRC - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
PRC - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/01/27 18:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 20:05:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erich\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AOLService)
SRV - [2010/06/15 00:31:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/03 18:33:16 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2010/06/03 18:33:14 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2010/05/07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/05 21:44:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/17 22:14:01 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Subscription Service File.exe -- (Freeloader Subscription Service)
SRV - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys -- (WlanUIB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Erich\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/11/08 00:01:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/30 16:32:20 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/03/04 14:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/03/04 14:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/03/04 14:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/03/04 14:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/02/22 18:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/03 05:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/07 20:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2005/08/09 16:08:10 | 000,010,991 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/08/09 16:08:10 | 000,007,278 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/01 23:43:14 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/03/31 17:13:34 | 000,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/03/31 17:13:32 | 000,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/03/31 17:13:32 | 000,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/31 17:13:32 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/03/31 17:13:30 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/02/24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/03/25 18:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 16:14:46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 18:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 16:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2....en-GB:official"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.21.3
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/28 17:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 09:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 09:41:38 | 000,000,000 | ---D | M]

[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions
[2008/09/05 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Extensions\[email protected]
[2010/08/01 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 11:00:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 23:54:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/04/18 18:10:13 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2010/06/07 14:39:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/24 12:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/24 12:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Mozilla\Firefox\Profiles\tysd4r3a.default\extensions\[email protected]
[2010/07/30 22:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 12:09:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 16:17:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 16:17:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 16:17:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 16:17:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/01 18:16:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-776561741-2049760794-682003330-1003..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc....kup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by21fd.bay21....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1135809803691 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.planning...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15023/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/27 16:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-776561741-2049760794-682003330-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/01 11:47:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/01 11:44:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/01 11:44:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/01 11:44:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/01 11:44:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/01 11:44:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/01 11:37:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/31 22:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Malwarebytes
[2010/07/31 22:23:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 22:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/31 22:23:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 21:46:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/30 22:22:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erich\Recent
[2010/07/30 00:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/29 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2010/07/29 21:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/26 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\DoroPDFWriter
[2010/07/21 17:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 17:19:19 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2010/07/16 11:32:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/16 01:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2010/07/12 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/12 14:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/07/11 16:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/07/07 16:24:45 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/07/07 16:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\nvidia icons
[2010/07/07 16:07:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/01 13:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/21 10:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Defrag Reports
[2010/06/17 10:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint 5.5
[2010/06/15 01:38:35 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2010/06/15 00:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/15 00:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/10 02:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\My Podcasts
[2010/06/10 02:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Media Go
[2010/06/10 02:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/06/10 02:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/06/10 02:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/06/10 02:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2010/06/10 02:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 01:42:10 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010/06/10 01:42:10 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010/06/10 01:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Ericsson
[2010/06/10 01:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\My Documents\Sony Ericsson
[2010/06/10 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/06/10 01:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Local Settings\Application Data\Sony Ericsson
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/06/10 01:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/05/14 23:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/05/05 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2010/05/04 17:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/03/27 17:19:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/03/27 17:19:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/01 18:17:18 | 000,000,366 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/01 18:17:10 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/08/01 18:17:05 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.CDF
[2010/08/01 18:17:05 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/08/01 18:16:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/01 18:16:35 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/08/01 18:16:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 18:16:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 18:16:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/01 18:14:11 | 000,031,104 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/08/01 18:14:11 | 000,031,104 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/08/01 18:14:11 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/08/01 18:14:11 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/08/01 18:14:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2010/08/01 18:13:50 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Erich\ntuser.dat
[2010/08/01 18:13:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Erich\ntuser.ini
[2010/08/01 11:47:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/01 11:39:00 | 006,106,936 | -H-- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\IconCache.db
[2010/08/01 11:37:01 | 003,748,898 | R--- | M] () -- C:\Documents and Settings\Erich\Desktop\ComboFix.exe
[2010/07/31 22:23:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 21:56:18 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/31 21:56:17 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/31 21:56:15 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/31 19:56:27 | 043,627,008 | ---- | M] () -- C:\Program Files\CIS_Setup.msi
[2010/07/30 22:21:31 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 22:51:33 | 000,006,548 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/26 15:00:34 | 000,159,014 | ---- | M] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/24 11:51:39 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/07/21 17:27:10 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/07/21 17:27:10 | 000,000,025 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:27:09 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/08 11:30:00 | 000,054,808 | ---- | M] () -- C:\Documents and Settings\Erich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/07 23:02:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\CCleaner.lnk
[2010/07/06 11:15:22 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/06/28 18:57:40 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/26 17:10:52 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/24 13:01:38 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/24 11:22:49 | 007,368,736 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/06/24 11:22:49 | 000,876,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/06/24 11:22:49 | 000,062,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/06/24 11:22:49 | 000,008,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/06/10 03:46:58 | 000,000,725 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/10 02:42:18 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/04 01:03:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\SpywareBlaster.lnk
[2010/06/02 22:33:56 | 000,000,166 | ---- | M] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/06/02 13:52:40 | 000,000,196 | ---- | M] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/23 15:05:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/14 23:54:48 | 000,939,676 | ---- | M] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/09 03:10:27 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\vso_ts_preview.xml
[2010/05/06 14:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/04 18:51:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Erich\Application Data\AVSDVDPlayer.m3u
[2010/05/04 18:11:00 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/01 11:47:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/01 11:47:37 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/01 11:44:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/01 11:44:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 11:44:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/01 11:44:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/01 11:44:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/01 11:37:01 | 003,748,898 | R--- | C] () -- C:\Documents and Settings\Erich\Desktop\ComboFix.exe
[2010/07/31 22:23:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 00:30:49 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-20011102}.BAK
[2010/07/30 00:14:25 | 043,627,008 | ---- | C] () -- C:\Program Files\CIS_Setup.msi
[2010/07/26 15:00:33 | 000,159,014 | ---- | C] () -- C:\WINDOWS\System32\25 Tomlins Grove-b.pdf
[2010/07/21 17:19:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/07/21 17:19:19 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/12 18:16:22 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/12 18:16:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/12 18:15:59 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\RegCure Application.lnk
[2010/07/12 14:52:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/07/07 14:32:14 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/07/07 14:32:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/07/07 14:32:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/07/07 14:32:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/07/07 14:32:12 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/07/07 14:32:11 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/07/07 14:32:09 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/07/07 14:32:00 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/07 14:31:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/07/07 14:31:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/07/01 13:07:45 | 000,006,548 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/10 02:42:18 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/06/10 01:45:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/06/10 01:24:33 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/06/02 13:52:40 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/06/02 13:52:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/05/14 23:54:47 | 000,939,676 | ---- | C] () -- C:\WINDOWS\System32\SSPDFD
[2010/05/06 14:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/05 21:20:06 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk
[2010/05/04 18:11:00 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Erich\Desktop\MagicISO.lnk
[2010/04/08 00:25:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/04/08 00:25:17 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2009/12/14 03:23:26 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/12/14 03:23:25 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2009/12/14 03:23:24 | 001,015,128 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2009/12/14 03:23:24 | 000,369,152 | ---- | C] () -- C:\WINDOWS\System32\cygfreetype-6.dll
[2009/12/14 03:23:24 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\cygpng12.dll
[2009/11/05 22:32:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/04/02 18:53:49 | 000,054,060 | ---- | C] () -- C:\WINDOWS\nick.ini
[2009/04/02 18:53:49 | 000,030,848 | ---- | C] () -- C:\WINDOWS\servers.ini
[2009/04/02 18:53:49 | 000,028,000 | ---- | C] () -- C:\WINDOWS\ident.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\isim.ini
[2009/04/02 18:53:49 | 000,006,365 | ---- | C] () -- C:\WINDOWS\email.ini
[2009/04/02 18:53:49 | 000,003,535 | ---- | C] () -- C:\WINDOWS\script1.ini
[2009/04/02 18:53:49 | 000,000,910 | ---- | C] () -- C:\WINDOWS\netdep.ini
[2009/04/02 18:53:49 | 000,000,840 | ---- | C] () -- C:\WINDOWS\script.ini
[2009/04/02 18:53:49 | 000,000,368 | ---- | C] () -- C:\WINDOWS\script2.ini
[2009/04/02 18:53:49 | 000,000,285 | ---- | C] () -- C:\WINDOWS\aliases.ini
[2009/04/02 18:53:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\perform.ini
[2009/04/02 18:53:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\dos.ini
[2009/04/02 18:53:49 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SCRNCAM.ini
[2009/04/02 18:53:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\tmon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\umon.ini
[2009/04/02 18:53:49 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dmon.ini
[2009/04/02 18:53:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\one.ini
[2009/03/04 12:47:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/09/21 00:19:01 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/13 20:45:02 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/01 18:03:15 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Ef.INI
[2007/04/23 13:15:16 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:32:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/02/05 23:50:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/05 23:50:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/24 00:04:40 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/08 00:52:22 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/11/08 00:52:22 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/11/08 00:52:22 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/11/08 00:52:22 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2006/11/08 00:52:22 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/07/15 16:02:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/29 22:47:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/31 20:40:51 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/05/22 23:40:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/05/22 23:34:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/05/22 19:43:00 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2005/08/28 12:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/01 22:58:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/25 20:19:33 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/04/02 00:19:12 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/04/02 00:18:57 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/03/28 16:47:23 | 000,018,542 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/27 23:13:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 21:26:34 | 000,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/03/27 20:50:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/03/27 20:45:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/03/27 20:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/27 18:28:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/08/03 23:56:44 | 000,002,112 | ---- | C] () -- C:\WINDOWS\System32\b44itwnw.dll
[2004/03/31 17:13:32 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2004/03/31 17:13:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/03/31 17:13:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/03/31 17:13:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/03/31 17:13:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/03/31 17:13:30 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2004/03/31 17:13:30 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/03/27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/04/05 16:40:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/06/28 12:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IMSIDesign
[2010/06/26 12:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2005/03/27 16:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/06/10 01:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/07/16 01:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CADProfi
[2009/11/07 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/08 16:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/05/12 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/04/07 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2010/04/08 15:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/02/23 17:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/08/07 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/25 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/07/28 19:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/21 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/12/14 03:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/31 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/05 22:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/27 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/24 22:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2008/09/21 00:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/16 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/20 00:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 23:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/03 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\AltrixSoft
[2007/09/11 19:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Applied Acoustics Systems
[2010/05/26 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Audacity
[2010/07/12 13:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Autodesk
[2010/07/29 22:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\BitTorrent
[2008/09/28 17:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/04 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools
[2009/09/12 18:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DAEMON Tools Lite
[2006/03/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DataLayer
[2008/06/19 00:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeepBurner
[2009/11/05 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\DeviceDoctorSoftware
[2009/01/25 17:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\eBay
[2006/06/25 14:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Elaborate Bytes
[2007/06/18 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\FlashFXP
[2007/05/10 00:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\ImgBurn
[2010/04/07 18:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IMSIDesign
[2005/04/02 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\IsolatedStorage
[2006/02/14 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Leadertech
[2007/06/21 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Learn2.com
[2007/05/08 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\MSNInstaller
[2008/07/27 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Nokia
[2008/08/07 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\NSeries
[2008/07/27 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PC Suite
[2010/07/29 23:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\PCFix
[2008/02/05 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SlySoft
[2010/05/14 23:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Smart PDF Creator
[2010/06/10 02:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony
[2010/06/10 02:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Sony Setup
[2006/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Steinberg
[2010/02/10 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\SystemRequirementsLab
[2008/09/05 22:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TomTom
[2006/05/19 17:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\TrojanHunter
[2010/04/08 17:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Uniblue
[2009/08/24 22:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Virgin Broadband
[2010/05/02 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Vso
[2007/09/11 20:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\Waves Audio
[2008/01/25 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WholeSecurity
[2010/04/08 00:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erich\Application Data\WinBatch
[2010/08/01 18:16:35 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/12 18:16:23 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99671BE2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD34FE88
< End of report >