
Killer-Virus on my computer! As soon as I get to my desktop it res


  • This topic is locked

#61
Pawanhammers

  • Topic Starter
Explorer was done successfully, here is the ComboFix log. (Finally it worked :) )

ComboFix 10-08-24.07 - Administrator 25/08/2010 15:14:09.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.833 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}
c:\documents and settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\install.rdf
c:\documents and settings\All Users.\documents\settings
c:\windows\system32\AVSredirect.dll

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 13:57 . 2004-08-03 23:56 1032192 ----a-w- c:\windows\explorer.exe
2010-08-24 22:13 . 2010-08-25 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\cacaoweb
2010-08-24 22:13 . 2010-08-24 22:13 -------- d-----w- c:\program files\cacaoweb
2010-08-24 21:59 . 2010-08-24 21:59 -------- d-----w- c:\program files\Xvid
2010-08-24 21:59 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 21:59 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 20:21 . 2010-08-24 20:21 -------- d-----w- C:\_OTL
2010-08-24 10:49 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\6730422.sys
2010-08-24 10:49 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\67304221.sys
2010-08-23 11:43 . 2010-08-23 11:43 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-08-22 16:32 . 2010-08-22 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\STOPzilla!
2010-08-22 16:30 . 2010-08-22 16:35 -------- d-----w- c:\program files\STOPzilla!
2010-08-22 15:40 . 2010-08-22 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 15:40 . 2010-08-22 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-08-22 12:48 . 2010-08-22 12:35 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-22 12:33 . 2010-08-22 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-22 12:19 . 2010-08-22 12:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\Xfire
2010-08-20 16:32 . 2010-08-20 16:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-20 16:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-08-20 16:32 . 2010-08-20 16:32 -------- d-----w- c:\program files\Microsoft WSE
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\SlySoft
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-19 16:31 . 2010-08-19 16:32 -------- d-----w- c:\program files\CDBurnerXP
2010-08-19 15:15 . 2010-08-19 15:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-18 19:52 . 2010-08-18 19:52 92280 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-18 17:21 . 2010-08-18 19:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-08-17 16:46 . 2010-08-17 16:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 16:44 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-17 16:44 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-17 16:44 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-17 16:44 . 2010-08-17 16:44 -------- d-----w- c:\program files\eRightSoft
2010-08-17 14:14 . 2010-08-17 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\LEAPS
2010-08-16 16:56 . 2010-08-16 16:56 1078 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{89D86886-A5D1-4BE5-8446-56D902C5F36D}\_6ABB0E4E16E74822673FD5.exe
2010-08-16 16:56 . 2010-08-16 16:56 -------- d-----w- c:\program files\Computer++
2010-08-16 16:08 . 2010-08-16 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
2010-08-16 16:01 . 2010-08-16 16:06 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2010-08-16 15:39 . 2010-08-16 16:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reasonable Software House Ltd
2010-08-13 14:43 . 2010-08-13 14:49 -------- d-----w- c:\program files\CamStudio
2010-08-12 20:28 . 2010-08-12 20:33 -------- d-----w- C:\SSBB
2010-08-12 20:21 . 2010-08-12 20:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Conduit
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Application Data\Apple Computer
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Apple Computer
2010-08-11 18:05 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-11 18:05 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-11 18:04 . 2010-08-11 18:04 -------- d-----w- c:\program files\iPod
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\program files\iTunes
2010-08-11 18:01 . 2010-08-11 18:02 -------- d-----w- c:\program files\QuickTime
2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\Apple Software Update
2010-08-11 17:56 . 2010-08-11 17:56 -------- d-----w- c:\program files\Bonjour
2010-08-11 14:39 . 2010-08-12 00:04 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Scansoft
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Adobe
2010-08-11 14:38 . 2010-08-12 00:02 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\TSVNCache
2010-08-11 14:38 . 2010-08-11 14:38 -------- d-----w- c:\documents and settings\Pawan\Application Data\PC Suite
2010-08-10 17:21 . 2010-08-10 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-08-10 17:21 . 2010-08-10 17:21 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-06 10:00 . 2010-08-06 10:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-08-05 18:43 . 2010-08-05 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartFTP
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-08-05 15:23 . 2010-08-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-08-05 15:21 . 2010-08-18 20:14 -------- d-----w- c:\windows\speech
2010-08-04 15:14 . 2010-08-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-08-04 15:12 . 2009-07-10 11:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2010-08-04 15:11 . 2010-08-04 15:11 -------- d-----w- c:\program files\PremiumSoft
2010-08-04 14:44 . 2010-08-04 16:20 -------- d-----w- c:\program files\MySQL
2010-08-04 00:01 . 2010-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP
2010-08-04 00:00 . 2010-08-04 00:00 -------- d-----w- c:\program files\CoreFTP
2010-08-03 19:40 . 2010-08-04 01:12 -------- d-----w- C:\wamp
2010-08-03 19:07 . 2010-08-03 19:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Vitalwerks
2010-08-03 19:06 . 2010-08-03 19:06 -------- d-----w- c:\program files\No-IP
2010-08-03 17:17 . 2009-12-19 23:00 -------- d---a-w- C:\xampp
2010-08-03 12:37 . 2010-08-03 12:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SkinSoft
2010-08-02 22:10 . 2010-08-25 13:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-08-02 22:06 . 2010-08-22 13:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:06 . 2010-08-25 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:05 . 2010-08-02 22:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-08-02 21:42 . 2010-08-02 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-08-02 20:05 . 2010-05-23 16:50 73216 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-02 20:05 . 2010-04-18 13:33 172032 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-02 20:05 . 2010-04-18 13:33 307200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-02 18:58 . 2010-08-02 18:58 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2010-08-02 17:56 . 2010-08-02 17:56 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-08-02 17:56 . 2010-08-08 11:42 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-08-02 17:54 . 2010-08-08 11:42 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-08-02 17:54 . 2010-08-02 17:54 -------- d-----w- c:\windows\.jagex_cache_32
2010-08-02 12:43 . 2010-08-16 16:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-08-02 11:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 11:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-02 11:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-02 11:17 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-02 11:17 . 2010-06-28 20:39 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-02 11:16 . 2010-06-28 20:38 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-02 11:16 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-02 11:16 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-02 11:16 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-02 11:16 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-02 11:16 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-02 11:16 . 2010-01-09 20:22 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-02 11:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\program files\Alwil Software
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\program files\Siber Systems
2010-08-01 20:23 . 2010-08-01 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-01 20:23 . 2010-08-01 20:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-08-01 16:11 . 2010-08-01 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lunascape
2010-08-01 16:08 . 2010-08-01 16:08 -------- d-----w- c:\program files\Lunascape
2010-08-01 12:43 . 2010-08-17 17:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-01 12:41 . 2010-08-01 12:41 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 20:21 . 2010-07-04 08:54 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-24 11:55 . 2008-04-14 07:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-24 11:40 . 2010-07-25 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-22 23:31 . 2010-04-12 09:41 76248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 16:29 . 2010-04-12 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-21 12:21 . 2010-05-08 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Geaw
2010-08-20 21:40 . 2010-06-26 18:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-20 21:40 . 2010-06-26 18:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-20 21:40 . 2010-06-26 18:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-04-12 09:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 13:15 . 2010-04-13 23:09 -------- d-----w- c:\program files\SpeedFan
2010-08-19 22:05 . 2010-04-22 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-19 10:56 . 2010-04-12 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-18 20:07 . 2010-04-13 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 19:52 . 2010-06-27 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-08-17 15:40 . 2010-05-10 16:03 -------- d-----w- c:\program files\Pegasys Inc
2010-08-16 16:07 . 2010-04-12 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 21:17 . 2010-07-05 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Idki
2010-08-12 20:29 . 2010-04-27 17:24 -------- d-----w- c:\program files\JDownloader
2010-08-12 20:22 . 2010-07-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-08-11 21:31 . 2010-04-14 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-11 18:04 . 2010-04-12 22:04 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 18:03 . 2010-04-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-08 12:06 . 2010-06-01 16:58 60912 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 14:17 . 2010-05-22 18:52 -------- d-----w- c:\program files\Cheat Engine
2010-08-06 11:30 . 2010-08-05 16:03 2554 ----a-w- c:\documents and settings\Administrator\Application Data\SAS7_000.DAT
2010-08-05 15:22 . 2010-04-12 09:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 12:21 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-02 18:57 . 2010-06-01 22:40 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-02 18:56 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 13:32 . 2010-07-21 13:32 -------- d-----w- c:\program files\Gadwin Systems
2010-07-20 17:19 . 2010-07-20 17:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-20 10:43 . 2010-06-06 18:24 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-19 21:02 . 2010-07-19 21:02 -------- d-----w- c:\program files\Adobe Media Player
2010-07-12 20:08 . 2010-06-01 13:37 -------- d-----w- c:\program files\EASEUS
2010-07-11 13:27 . 2010-05-07 15:52 -------- d-----w- c:\program files\PFConfig
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:07 . 2010-07-08 18:07 24448 ----a-w- c:\windows\system32\drivers\fnetthjm.sys
2010-07-05 18:32 . 2010-05-08 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2
2010-07-04 12:45 . 2010-07-04 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-04 12:40 . 2010-07-04 12:18 -------- d-----w- c:\program files\Common Files\Nero
2010-07-04 12:38 . 2010-07-04 12:19 -------- d-----w- c:\program files\Nero
2010-07-04 12:24 . 2010-07-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-02 10:14 . 2010-07-02 10:14 -------- d-----w- c:\documents and settings\Pawan\Application Data\ESET
2010-06-29 20:06 . 2010-06-29 20:04 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
2010-06-29 20:04 . 2010-06-29 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-06-29 19:30 . 2010-06-26 18:27 -------- d-----w- c:\program files\EA Sports
2010-06-29 17:13 . 2010-06-29 17:13 -------- d-----w- c:\program files\Eurekr.com
2010-06-29 17:09 . 2010-06-29 17:09 -------- d-----w- c:\program files\Moyea
2010-06-27 15:46 . 2010-06-27 15:45 -------- d-----w- c:\program files\directx2
2010-06-27 15:41 . 2010-06-27 15:41 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-26 21:41 . 2010-06-26 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers
2010-06-26 18:47 . 2010-06-26 18:47 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-06-26 18:28 . 2010-06-26 18:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-26 17:21 . 2010-06-26 17:20 -------- d-----w- c:\program files\Ahead
2010-06-26 17:20 . 2010-06-26 17:20 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-21 09:46 . 2010-06-21 09:46 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 09:44 . 2010-04-30 16:46 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-21 09:44 . 2010-04-30 16:46 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-19 11:36 . 2010-06-19 11:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-06-19 11:28 . 2010-06-19 11:28 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-06-19 11:22 . 2010-06-19 11:22 0 ----a-w- C:\license.dat
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth2.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth1.dll
2010-06-13 15:21 . 2010-04-12 09:34 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 17:49 . 2010-04-12 09:32 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AcrobatUpdater.exe
2010-06-02 03:55 . 2010-06-27 15:53 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55 . 2010-06-27 15:53 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55 . 2010-06-27 15:53 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:41 . 2010-06-01 22:41 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2006-05-03 09:06 . 2010-08-17 16:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-17 16:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-08-17 16:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2010-08-24 . 5A0927A6909608CB08223B39E71BA566 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 01:20 561552 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-05 577536]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [2010-08-24 305152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuMark Startup Manager.lnk - c:\program files\Common Files\Gerber Technology\acmkmgr.exe [2007-5-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 12:16 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 13:48 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 16:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/08/2010 12:16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [02/08/2010 12:16 188168]
R1 67304221;67304221;c:\windows\system32\drivers\67304221.sys [24/08/2010 11:49 128016]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [02/08/2010 12:17 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/08/2010 12:17 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/08/2010 12:17 165456]
R1 setup_9.0.0.722_23.08.2010_03-48drv;setup_9.0.0.722_23.08.2010_03-48drv;c:\windows\system32\drivers\6730422.sys [24/08/2010 11:49 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/08/2010 12:17 17744]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [31/12/2008 11:34 60928]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe [12/04/2010 10:57 41025]
S0 67304222;67304222 Boot Guard Driver;c:\windows\system32\DRIVERS\67304222.sys --> c:\windows\system32\DRIVERS\67304222.sys [?]
S0 bsgbqnm;bsgbqnm; [x]
S0 cerc6;cerc6; [x]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [02/08/2010 12:16 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [31/12/2008 11:34 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 17:38 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [06/06/2010 14:09 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [06/06/2010 14:09 8456]
S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [08/07/2010 19:07 24448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [14/11/2007 20:40 34448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: {25DBCD76-5389-49D3-9105-8143B83B7ABD} = 192.168.5.1,192.168.5.2
TCP: {5DCD2949-AB0B-46A4-B485-088C96A91502} = 192.168.5.1,192.168.5.2
TCP: {85C70598-6A88-4C5A-A48D-24B0E46FAF36} = 192.168.5.1,192.168.5.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://blogtv.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????M?????????????l?M???M???????????M???M? ??|`??|????????????????( ??????Service Pack 3?????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2010-08-25 15:40:08
ComboFix-quarantined-files.txt 2010-08-25 14:40

Pre-Run: 6,793,367,552 bytes free
Post-Run: 6,742,376,448 bytes free

- - End Of File - - 4CD42AA76EB84F74A27902DFE5075C35


#62
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Getting there, I believe. It looks like you used a Vista explorer. OK, one more file to replace: after this fix has run, run an OTL scan to locate it. How is the system running now?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\windows\system32\drivers\tcpip.sys|c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys /replace
    c:\documents and settings\Administrator\Application Data\cacaoweb
    c:\program files\cacaoweb

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

OTL
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    /md5start
    winlogon.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


#63
Pawanhammers

    Member

  • Topic Starter
  • 248 posts

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:Files
c:\windows\system32\drivers\tcpip.sys|c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys /replace
c:\documents and settings\Administrator\Application Data\cacaoweb
c:\program files\cacaoweb

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


* Then click the Run Fix button at the top


All processes killed
========== FILES ==========
File c:\windows\system32\drivers\tcpip.sys successfully replaced with c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
c:\documents and settings\Administrator\Application Data\cacaoweb folder moved successfully.
c:\program files\cacaoweb folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80146 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61095290 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 46686208 bytes
->Flash cache emptied: 3708 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: Pawan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 103.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Pawan

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.10.0 log created on 08252010_175806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


OTL logfile created on: 25/08/2010 18:04:49 - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.35 Gb Free Space | 26.01% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 10.97 Gb Free Space | 85.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/28 18:39:04 | 000,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2008/12/06 00:18:58 | 000,577,536 | ---- | M] (Hoo Technologies) -- C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
PRC - [2007/05/24 09:00:43 | 000,081,920 | ---- | M] (Gerber Technology, A Gerber Scientific Company) -- C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/03/22 05:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\67304222.sys -- (67304222)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\6730422.sys -- (setup_9.0.0.722_23.08.2010_03-48drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\67304221.sys -- (67304221)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]

[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/24 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/24 23:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/24 23:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/25 17:58:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKCU..\Run: [cacaoweb] C:\Program Files\cacaoweb\cacaoweb.exe File not found
O4 - HKCU..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:43 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:44 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/25 17:29:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/08/24 21:52:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/24 21:52:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/24 21:52:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/24 21:52:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/24 21:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/24 21:21:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 19:29:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/24 11:49:04 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6730422.sys
[2010/08/24 11:49:04 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\67304221.sys
[2010/08/24 11:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2010/08/23 20:35:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/23 12:43:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/08/23 01:12:43 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/08/22 18:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/08/22 17:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 17:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/22 16:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/22 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/20 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 22:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 17:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/19 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 17:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/19 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 16:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 17:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 14:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 17:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 17:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 17:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 17:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 17:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 17:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 17:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 17:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 17:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 17:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 17:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 15:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 17:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 17:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 16:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/15 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 13:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh

========== Files - Modified Within 90 Days ==========

[2010/08/25 18:02:39 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:02:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 18:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 18:02:13 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 17:58:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/25 17:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 15:36:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 14:57:32 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/25 14:57:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/25 14:13:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/08/24 23:13:44 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
[2010/08/24 22:05:40 | 003,827,180 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/24 15:42:06 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/23 00:31:12 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/22 17:54:26 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/22 16:48:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/22 16:40:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 13:24:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 22:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 21:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 16:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 22:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 18:03:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 18:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 13:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 15:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk

========== Files Created - No Company Name ==========

[2010/08/24 23:13:39 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
[2010/08/24 22:59:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/24 22:59:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/24 21:52:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/24 21:52:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/24 21:52:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/24 21:52:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/24 21:48:11 | 003,827,180 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/24 15:42:06 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/24 12:38:53 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 16:40:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 14:55:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/20 22:21:55 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 16:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 18:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 17:37:28 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 12:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/17 18:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 17:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 17:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 17:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 17:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 17:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 17:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 17:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 17:44:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 14:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 15:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/01 17:38:28 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 17:41:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/08/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/08/21 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Geaw
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/16 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/22 17:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/18 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/22 17:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/19 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/22 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========


< End of report >


* Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Select All Users
* Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
/md5start
winlogon.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


OTL logfile created on: 25/08/2010 18:17:54 - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.34 Gb Free Space | 25.98% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 10.97 Gb Free Space | 85.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/28 18:39:04 | 000,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2008/12/06 00:18:58 | 000,577,536 | ---- | M] (Hoo Technologies) -- C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
PRC - [2007/05/24 09:00:43 | 000,081,920 | ---- | M] (Gerber Technology, A Gerber Scientific Company) -- C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/03/22 05:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\67304222.sys -- (67304222)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\6730422.sys -- (setup_9.0.0.722_23.08.2010_03-48drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\67304221.sys -- (67304221)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]

[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/24 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/24 23:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/24 23:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/25 17:58:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [cacaoweb] C:\Program Files\cacaoweb\cacaoweb.exe File not found
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:43 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:44 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-602162358-1500820517-682003330-500\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/25 17:29:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/08/24 21:52:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/24 21:52:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/24 21:52:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/24 21:52:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/24 21:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/24 21:21:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 19:29:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/24 11:49:04 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6730422.sys
[2010/08/24 11:49:04 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\67304221.sys
[2010/08/24 11:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2010/08/23 20:35:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/23 12:43:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/08/23 01:12:43 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/08/22 18:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/08/22 17:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 17:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/22 16:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/22 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/20 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 22:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 17:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/19 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 17:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/19 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 16:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 17:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 14:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 17:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 17:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 17:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 17:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 17:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 17:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 17:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 17:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 17:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 17:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 17:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 15:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 17:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 17:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 16:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/15 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 13:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh

========== Files - Modified Within 90 Days ==========

[2010/08/25 18:02:39 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:02:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 18:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 18:02:13 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 17:58:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/25 17:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 15:36:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 14:57:32 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/25 14:57:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/25 14:13:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/08/24 23:13:44 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
[2010/08/24 22:05:40 | 003,827,180 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/24 15:42:06 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/23 00:31:12 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/22 17:54:26 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/22 16:48:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/22 16:40:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 13:24:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 22:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 21:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 16:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 22:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 18:03:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 18:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 13:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 15:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk

========== Files Created - No Company Name ==========

[2010/08/24 23:13:39 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
[2010/08/24 22:59:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/24 22:59:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/24 21:52:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/24 21:52:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/24 21:52:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/24 21:52:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/24 21:48:11 | 003,827,180 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/24 15:42:06 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/24 12:38:53 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 16:40:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 14:55:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/20 22:21:55 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 16:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 18:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 17:37:28 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 12:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/17 18:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 17:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 17:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 17:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 17:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 17:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 17:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 17:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 17:44:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 14:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 15:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/01 17:38:28 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 17:41:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/08/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/08/21 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Geaw
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/16 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/22 17:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/18 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/22 17:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/19 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/22 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/24 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Nokia
[2010/07/02 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/13 14:09:38 | 000,000,195 | ---- | M] () -- C:\AllClassEditor.txt
[2010/04/12 10:35:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/08/25 15:40:10 | 000,041,552 | ---- | M] () -- C:\ComboFix.txt
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/05/09 12:52:57 | 000,002,192 | ---- | M] () -- C:\dvdlog.txt
[2010/08/15 13:03:08 | 000,003,855 | ---- | M] () -- C:\fix.txt
[2010/04/30 22:28:06 | 000,000,510 | ---- | M] () -- C:\graph.txt
[2010/08/25 18:02:13 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 10:35:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/27 17:58:15 | 000,000,000 | ---- | M] () -- C:\ipaddresses.txt
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/08/15 21:09:42 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/08/17 18:56:03 | 000,054,504 | ---- | M] () -- C:\MP4debug.log
[2010/04/12 10:35:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/25 18:02:10 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2010/08/14 21:22:42 | 000,001,049 | ---- | M] () -- C:\scan.txt
[2010/05/27 18:33:22 | 000,000,281 | ---- | M] () -- C:\Untitled.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/11 18:52:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/31 16:04:10 | 000,051,840 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPLAPP3.DLL
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/24 20:04:30 | 000,001,530 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/06/11 19:36:45 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/11 18:27:25 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/06/11 19:36:45 | 029,884,416 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/11 19:36:47 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/06/11 18:53:03 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/11 19:01:19 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/04/12 10:40:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/24 23:13:44 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
[2010/08/24 22:05:40 | 003,827,180 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010/07/01 14:37:50 | 000,908,248 | ---- | M] (Mozilla Corporation) MD5=230EC324D37DFB594B8FF296D239423E -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008/04/14 08:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >


< MD5 for: WINLOGON.EXE >
[2010/08/24 12:55:22 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=5A0927A6909608CB08223B39E71BA566 -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 22:37:24
< End of report >

There was no extras.txt, not sure why.

Edited by Pawanhammers, 25 August 2010 - 11:36 AM.


#64
Essexboy

No winlogon either - you only get the extras on the first run

OK we now need a copy of winlogon - could you take it from your other computer and this time place it at C:\winlogon.exe

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Fcopy:
C:\winlogin.exe|c:\windows\system32\winlogon.exe


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#65
Pawanhammers


A new OTListit log.


What OTL log?
I moved winlogon.exe from an XP computer to C:\ before Combo. Also I didn't understand when you said an 'explorer.exe' from Vista; it was copied from an XP system.
Here is the Combo log:
ComboFix 10-08-24.07 - Administrator 25/08/2010 21:39:18.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.759 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 13:57 . 2004-08-03 23:56 1032192 ----a-w- c:\windows\explorer.exe
2010-08-24 21:59 . 2010-08-24 21:59 -------- d-----w- c:\program files\Xvid
2010-08-24 21:59 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 21:59 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 20:21 . 2010-08-24 20:21 -------- d-----w- C:\_OTL
2010-08-24 10:49 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\6730422.sys
2010-08-24 10:49 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\67304221.sys
2010-08-23 11:43 . 2010-08-23 11:43 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-08-22 16:32 . 2010-08-22 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\STOPzilla!
2010-08-22 16:30 . 2010-08-22 16:35 -------- d-----w- c:\program files\STOPzilla!
2010-08-22 15:40 . 2010-08-22 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 15:40 . 2010-08-22 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-08-22 12:48 . 2010-08-22 12:35 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-22 12:33 . 2010-08-22 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-22 12:19 . 2010-08-22 12:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\Xfire
2010-08-20 16:32 . 2010-08-20 16:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-20 16:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-08-20 16:32 . 2010-08-20 16:32 -------- d-----w- c:\program files\Microsoft WSE
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\SlySoft
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-19 16:31 . 2010-08-19 16:32 -------- d-----w- c:\program files\CDBurnerXP
2010-08-19 15:15 . 2010-08-19 15:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-18 19:52 . 2010-08-18 19:52 92280 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-18 17:21 . 2010-08-18 19:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-08-17 16:46 . 2010-08-17 16:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 16:44 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-17 16:44 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-17 16:44 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-17 16:44 . 2010-08-17 16:44 -------- d-----w- c:\program files\eRightSoft
2010-08-17 14:14 . 2010-08-17 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\LEAPS
2010-08-16 16:56 . 2010-08-16 16:56 1078 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{89D86886-A5D1-4BE5-8446-56D902C5F36D}\_6ABB0E4E16E74822673FD5.exe
2010-08-16 16:56 . 2010-08-16 16:56 -------- d-----w- c:\program files\Computer++
2010-08-16 16:08 . 2010-08-16 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
2010-08-16 16:01 . 2010-08-16 16:06 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2010-08-16 15:39 . 2010-08-16 16:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reasonable Software House Ltd
2010-08-13 14:43 . 2010-08-13 14:49 -------- d-----w- c:\program files\CamStudio
2010-08-12 20:28 . 2010-08-12 20:33 -------- d-----w- C:\SSBB
2010-08-12 20:21 . 2010-08-12 20:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Conduit
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Application Data\Apple Computer
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Apple Computer
2010-08-11 18:05 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-11 18:05 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-11 18:04 . 2010-08-11 18:04 -------- d-----w- c:\program files\iPod
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\program files\iTunes
2010-08-11 18:01 . 2010-08-11 18:02 -------- d-----w- c:\program files\QuickTime
2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\Apple Software Update
2010-08-11 17:56 . 2010-08-11 17:56 -------- d-----w- c:\program files\Bonjour
2010-08-11 14:39 . 2010-08-12 00:04 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Scansoft
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Adobe
2010-08-11 14:38 . 2010-08-12 00:02 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\TSVNCache
2010-08-11 14:38 . 2010-08-11 14:38 -------- d-----w- c:\documents and settings\Pawan\Application Data\PC Suite
2010-08-10 17:21 . 2010-08-10 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-08-10 17:21 . 2010-08-10 17:21 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-06 10:00 . 2010-08-06 10:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-08-05 18:43 . 2010-08-05 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartFTP
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-08-05 15:23 . 2010-08-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-08-05 15:21 . 2010-08-18 20:14 -------- d-----w- c:\windows\speech
2010-08-04 15:14 . 2010-08-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-08-04 15:12 . 2009-07-10 11:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2010-08-04 15:11 . 2010-08-04 15:11 -------- d-----w- c:\program files\PremiumSoft
2010-08-04 14:44 . 2010-08-04 16:20 -------- d-----w- c:\program files\MySQL
2010-08-04 00:01 . 2010-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP
2010-08-04 00:00 . 2010-08-04 00:00 -------- d-----w- c:\program files\CoreFTP
2010-08-03 19:40 . 2010-08-04 01:12 -------- d-----w- C:\wamp
2010-08-03 19:07 . 2010-08-03 19:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Vitalwerks
2010-08-03 19:06 . 2010-08-03 19:06 -------- d-----w- c:\program files\No-IP
2010-08-03 17:17 . 2009-12-19 23:00 -------- d---a-w- C:\xampp
2010-08-03 12:37 . 2010-08-03 12:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SkinSoft
2010-08-02 22:10 . 2010-08-25 20:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-08-02 22:06 . 2010-08-22 13:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:06 . 2010-08-25 21:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:05 . 2010-08-02 22:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-08-02 21:42 . 2010-08-02 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-08-02 20:05 . 2010-05-23 16:50 73216 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-02 20:05 . 2010-04-18 13:33 172032 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-02 20:05 . 2010-04-18 13:33 307200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-02 18:58 . 2010-08-02 18:58 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2010-08-02 17:56 . 2010-08-02 17:56 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-08-02 17:56 . 2010-08-08 11:42 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-08-02 17:54 . 2010-08-08 11:42 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-08-02 17:54 . 2010-08-02 17:54 -------- d-----w- c:\windows\.jagex_cache_32
2010-08-02 12:43 . 2010-08-16 16:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-08-02 11:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 11:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-02 11:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-02 11:17 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-02 11:17 . 2010-06-28 20:39 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-02 11:16 . 2010-06-28 20:38 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-02 11:16 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-02 11:16 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-02 11:16 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-02 11:16 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-02 11:16 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-02 11:16 . 2010-01-09 20:22 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-02 11:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\program files\Alwil Software
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\program files\Siber Systems
2010-08-01 20:23 . 2010-08-01 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-01 20:23 . 2010-08-01 20:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-08-01 16:11 . 2010-08-01 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lunascape
2010-08-01 16:08 . 2010-08-01 16:08 -------- d-----w- c:\program files\Lunascape
2010-08-01 12:43 . 2010-08-17 17:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-01 12:41 . 2010-08-01 12:41 -------- d-----w- c:\program files\VideoLAN
2010-08-01 12:31 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 20:21 . 2010-07-04 08:54 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-24 11:55 . 2008-04-14 07:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-24 11:40 . 2010-07-25 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-22 23:31 . 2010-04-12 09:41 76248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 16:29 . 2010-04-12 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-21 12:21 . 2010-05-08 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Geaw
2010-08-20 21:40 . 2010-06-26 18:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-20 21:40 . 2010-06-26 18:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-20 21:40 . 2010-06-26 18:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-04-12 09:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 13:15 . 2010-04-13 23:09 -------- d-----w- c:\program files\SpeedFan
2010-08-19 22:05 . 2010-04-22 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-19 10:56 . 2010-04-12 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-18 20:07 . 2010-04-13 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 19:52 . 2010-06-27 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-08-17 15:40 . 2010-05-10 16:03 -------- d-----w- c:\program files\Pegasys Inc
2010-08-16 16:07 . 2010-04-12 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 21:17 . 2010-07-05 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Idki
2010-08-12 20:29 . 2010-04-27 17:24 -------- d-----w- c:\program files\JDownloader
2010-08-12 20:22 . 2010-07-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-08-11 21:31 . 2010-04-14 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-11 18:04 . 2010-04-12 22:04 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 18:03 . 2010-04-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-08 12:06 . 2010-06-01 16:58 60912 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 14:17 . 2010-05-22 18:52 -------- d-----w- c:\program files\Cheat Engine
2010-08-06 11:30 . 2010-08-05 16:03 2554 ----a-w- c:\documents and settings\Administrator\Application Data\SAS7_000.DAT
2010-08-05 15:22 . 2010-04-12 09:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 12:21 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-02 18:57 . 2010-06-01 22:40 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-02 18:56 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 13:32 . 2010-07-21 13:32 -------- d-----w- c:\program files\Gadwin Systems
2010-07-20 17:19 . 2010-07-20 17:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-20 10:43 . 2010-06-06 18:24 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-19 21:02 . 2010-07-19 21:02 -------- d-----w- c:\program files\Adobe Media Player
2010-07-12 20:08 . 2010-06-01 13:37 -------- d-----w- c:\program files\EASEUS
2010-07-11 13:27 . 2010-05-07 15:52 -------- d-----w- c:\program files\PFConfig
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:07 . 2010-07-08 18:07 24448 ----a-w- c:\windows\system32\drivers\fnetthjm.sys
2010-07-05 18:32 . 2010-05-08 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2
2010-07-04 12:45 . 2010-07-04 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-04 12:40 . 2010-07-04 12:18 -------- d-----w- c:\program files\Common Files\Nero
2010-07-04 12:38 . 2010-07-04 12:19 -------- d-----w- c:\program files\Nero
2010-07-04 12:24 . 2010-07-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-02 10:14 . 2010-07-02 10:14 -------- d-----w- c:\documents and settings\Pawan\Application Data\ESET
2010-06-29 20:06 . 2010-06-29 20:04 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
2010-06-29 20:04 . 2010-06-29 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-06-29 19:30 . 2010-06-26 18:27 -------- d-----w- c:\program files\EA Sports
2010-06-29 17:13 . 2010-06-29 17:13 -------- d-----w- c:\program files\Eurekr.com
2010-06-29 17:09 . 2010-06-29 17:09 -------- d-----w- c:\program files\Moyea
2010-06-27 15:46 . 2010-06-27 15:45 -------- d-----w- c:\program files\directx2
2010-06-27 15:41 . 2010-06-27 15:41 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-26 21:41 . 2010-06-26 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers
2010-06-26 18:28 . 2010-06-26 18:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-21 09:46 . 2010-06-21 09:46 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 09:44 . 2010-04-30 16:46 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-21 09:44 . 2010-04-30 16:46 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-19 11:36 . 2010-06-19 11:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-06-19 11:28 . 2010-06-19 11:28 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-06-19 11:22 . 2010-06-19 11:22 0 ----a-w- C:\license.dat
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth2.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth1.dll
2010-06-13 15:21 . 2010-04-12 09:34 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 17:49 . 2010-04-12 09:32 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AcrobatUpdater.exe
2010-06-02 03:55 . 2010-06-27 15:53 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55 . 2010-06-27 15:53 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55 . 2010-06-27 15:53 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:41 . 2010-06-01 22:41 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2006-05-03 09:06 . 2010-08-17 16:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-17 16:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-08-17 16:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2010-08-24 . 5A0927A6909608CB08223B39E71BA566 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-25_14.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-25 20:24 . 2010-08-25 20:24 16384 c:\windows\Temp\Perflib_Perfdata_bac.dat
+ 2008-04-14 07:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-04-14 07:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 01:20 561552 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-05 577536]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuMark Startup Manager.lnk - c:\program files\Common Files\Gerber Technology\acmkmgr.exe [2007-5-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 12:16 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 13:48 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 16:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/08/2010 12:16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [02/08/2010 12:16 188168]
R1 67304221;67304221;c:\windows\system32\drivers\67304221.sys [24/08/2010 11:49 128016]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [02/08/2010 12:17 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/08/2010 12:17 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/08/2010 12:17 165456]
R1 setup_9.0.0.722_23.08.2010_03-48drv;setup_9.0.0.722_23.08.2010_03-48drv;c:\windows\system32\drivers\6730422.sys [24/08/2010 11:49 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/08/2010 12:17 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [02/08/2010 12:16 119200]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [31/12/2008 11:34 60928]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe [12/04/2010 10:57 41025]
S0 67304222;67304222 Boot Guard Driver;c:\windows\system32\DRIVERS\67304222.sys --> c:\windows\system32\DRIVERS\67304222.sys [?]
S0 bsgbqnm;bsgbqnm; [x]
S0 cerc6;cerc6; [x]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [31/12/2008 11:34 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 17:38 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [06/06/2010 14:09 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [06/06/2010 14:09 8456]
S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [08/07/2010 19:07 24448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [14/11/2007 20:40 34448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: {25DBCD76-5389-49D3-9105-8143B83B7ABD} = 192.168.5.1,192.168.5.2
TCP: {5DCD2949-AB0B-46A4-B485-088C96A91502} = 192.168.5.1,192.168.5.2
TCP: {85C70598-6A88-4C5A-A48D-24B0E46FAF36} = 192.168.5.1,192.168.5.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://blogtv.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????M?x???????x???l?M???M???????????M???M? ??|`??|????????????????( ??????Service Pack 3?????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2010-08-25 22:04:40
ComboFix-quarantined-files.txt 2010-08-25 21:04
ComboFix2.txt 2010-08-25 14:40

Pre-Run: 6,697,431,040 bytes free
Post-Run: 6,673,932,288 bytes free

- - End Of File - - BD84B66715E8C377E7BB5D3B3411AEA2

The system is acting slower than usual. Firefox is taking a lot of RAM! And on Windows Live Messenger it's really buggy for me, I can't receive or send messages. I think I have one or two bogies left on the machine.

EDIT: OK, my machine is working well like before. I just rebooted, no bugs with MSN. One more thing: when I play videos on YouTube or BBC iPlayer, whatever it may be, my computer makes LOADS of noise, and Mozilla takes up about 50 CPUS. Bear in mind I only have 96MB of VRAM, that may be the problem. Everything is good with the virus stuff except one thing, the Intel LAN boot stuff, it still comes up. I tried what you said but there was no option for it. Oh, and are my log(s) clean?

Edited by Pawanhammers, 25 August 2010 - 07:18 PM.


#66
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
[6.00.2900.2180] . . c:\windows\explorer.exe this tells me it is a Vista copy


We still need to replace winlogon - Download a copy of the file from my site

Place the file in the following directory C:\WINDOWS\System32\dllcache

Then re-run Combofix

#67
Pawanhammers

ComboFix must be wrong, I'm 100% sure it's an XP one, it's defo not a Vista one, but I'll do the above.

#68
Essexboy

[6.00.2900.2180] it reads the version number direct from the file :)

#69
Pawanhammers

WAAAAAAAAAAAAAAAAAAAAAAAAAAAAT! It's copied off from a Dimension 5200 and it's got XP SP2 on it. It can't possibly be Vista, anyway will do the above 2.

#70
Pawanhammers

Shall I run Combo without dragging .txt's and renaming it?


#71
Essexboy

Yes please, I am hoping now that CF finds the new copy in the dll cache.

#72
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#73
Essexboy

Sorry about not telling you that I was going on holiday.
Here is the CF log.

ComboFix 10-08-24.07 - Administrator 30/08/2010 13:08:02.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.823 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-26 20:52 . 2010-08-26 20:52 1078 ----a-w- c:\windows\system32\unins000.dat
2010-08-26 20:52 . 2010-08-26 20:52 695578 ----a-w- c:\windows\system32\unins000.exe
2010-08-26 20:52 . 2008-09-30 18:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-08-26 20:45 . 2010-08-26 20:45 -------- d-----w- C:\Fraps
2010-08-26 17:03 . 2010-08-26 17:04 502272 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-08-25 21:37 . 2010-08-25 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mael
2010-08-25 21:27 . 2010-08-25 21:36 -------- d-----w- c:\program files\HxD
2010-08-25 13:57 . 2004-08-03 23:56 1032192 ----a-w- c:\windows\explorer.exe
2010-08-24 21:59 . 2010-08-24 21:59 -------- d-----w- c:\program files\Xvid
2010-08-24 21:59 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 21:59 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 20:21 . 2010-08-24 20:21 -------- d-----w- C:\_OTL
2010-08-24 10:49 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\6730422.sys
2010-08-24 10:49 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\67304221.sys
2010-08-23 11:43 . 2010-08-23 11:43 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-08-22 16:32 . 2010-08-22 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\STOPzilla!
2010-08-22 16:30 . 2010-08-22 16:35 -------- d-----w- c:\program files\STOPzilla!
2010-08-22 15:40 . 2010-08-22 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 15:40 . 2010-08-22 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-08-22 12:48 . 2010-08-22 12:35 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-22 12:33 . 2010-08-22 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-22 12:19 . 2010-08-22 12:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\Xfire
2010-08-20 16:32 . 2010-08-20 16:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-20 16:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-08-20 16:32 . 2010-08-20 16:32 -------- d-----w- c:\program files\Microsoft WSE
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\SlySoft
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-19 16:31 . 2010-08-19 16:32 -------- d-----w- c:\program files\CDBurnerXP
2010-08-19 15:15 . 2010-08-19 15:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-18 19:52 . 2010-08-18 19:52 92280 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-18 17:21 . 2010-08-18 19:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-08-17 16:46 . 2010-08-17 16:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 16:44 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-17 16:44 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-17 16:44 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-17 16:44 . 2010-08-17 16:44 -------- d-----w- c:\program files\eRightSoft
2010-08-17 14:14 . 2010-08-17 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\LEAPS
2010-08-16 16:56 . 2010-08-16 16:56 1078 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{89D86886-A5D1-4BE5-8446-56D902C5F36D}\_6ABB0E4E16E74822673FD5.exe
2010-08-16 16:56 . 2010-08-16 16:56 -------- d-----w- c:\program files\Computer++
2010-08-16 16:08 . 2010-08-16 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
2010-08-16 16:01 . 2010-08-16 16:06 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2010-08-16 15:39 . 2010-08-16 16:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reasonable Software House Ltd
2010-08-13 14:43 . 2010-08-13 14:49 -------- d-----w- c:\program files\CamStudio
2010-08-12 20:28 . 2010-08-12 20:33 -------- d-----w- C:\SSBB
2010-08-12 20:21 . 2010-08-12 20:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Conduit
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Application Data\Apple Computer
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Apple Computer
2010-08-11 18:05 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-11 18:05 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-11 18:04 . 2010-08-11 18:04 -------- d-----w- c:\program files\iPod
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\program files\iTunes
2010-08-11 18:01 . 2010-08-11 18:02 -------- d-----w- c:\program files\QuickTime
2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\Apple Software Update
2010-08-11 17:56 . 2010-08-11 17:56 -------- d-----w- c:\program files\Bonjour
2010-08-11 14:39 . 2010-08-12 00:04 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Scansoft
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Adobe
2010-08-11 14:38 . 2010-08-12 00:02 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\TSVNCache
2010-08-11 14:38 . 2010-08-11 14:38 -------- d-----w- c:\documents and settings\Pawan\Application Data\PC Suite
2010-08-10 17:21 . 2010-08-10 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-08-10 17:21 . 2010-08-10 17:21 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-06 10:00 . 2010-08-06 10:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-08-05 18:43 . 2010-08-05 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartFTP
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-08-05 15:23 . 2010-08-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-08-05 15:21 . 2010-08-18 20:14 -------- d-----w- c:\windows\speech
2010-08-04 15:14 . 2010-08-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-08-04 15:12 . 2009-07-10 11:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2010-08-04 15:11 . 2010-08-04 15:11 -------- d-----w- c:\program files\PremiumSoft
2010-08-04 14:44 . 2010-08-04 16:20 -------- d-----w- c:\program files\MySQL
2010-08-04 00:01 . 2010-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP
2010-08-04 00:00 . 2010-08-04 00:00 -------- d-----w- c:\program files\CoreFTP
2010-08-03 19:40 . 2010-08-04 01:12 -------- d-----w- C:\wamp
2010-08-03 19:07 . 2010-08-03 19:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Vitalwerks
2010-08-03 19:06 . 2010-08-03 19:06 -------- d-----w- c:\program files\No-IP
2010-08-03 17:17 . 2009-12-19 23:00 -------- d---a-w- C:\xampp
2010-08-03 12:37 . 2010-08-03 12:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SkinSoft
2010-08-02 22:10 . 2010-08-30 11:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-08-02 22:06 . 2010-08-22 13:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:06 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:05 . 2010-08-02 22:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-08-02 21:42 . 2010-08-02 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-08-02 20:05 . 2010-05-23 16:50 73216 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-02 20:05 . 2010-04-18 13:33 172032 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-02 20:05 . 2010-04-18 13:33 307200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-02 18:58 . 2010-08-02 18:58 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2010-08-02 17:56 . 2010-08-02 17:56 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-08-02 17:56 . 2010-08-08 11:42 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-08-02 17:54 . 2010-08-08 11:42 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-08-02 17:54 . 2010-08-02 17:54 -------- d-----w- c:\windows\.jagex_cache_32
2010-08-02 12:43 . 2010-08-16 16:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-08-02 11:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 11:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-02 11:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-02 11:17 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-02 11:17 . 2010-06-28 20:39 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-02 11:16 . 2010-06-28 20:38 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-02 11:16 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-02 11:16 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-02 11:16 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-02 11:16 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-02 11:16 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-02 11:16 . 2010-01-09 20:22 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-02 11:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\program files\Alwil Software
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\program files\Siber Systems
2010-08-01 20:23 . 2010-08-01 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-01 20:23 . 2010-08-01 20:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 22:28 . 2010-04-22 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-24 20:21 . 2010-07-04 08:54 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-24 11:55 . 2008-04-14 07:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-24 11:40 . 2010-07-25 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-22 23:31 . 2010-04-12 09:41 76248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 16:29 . 2010-04-12 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-21 12:21 . 2010-05-08 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Geaw
2010-08-20 21:40 . 2010-06-26 18:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-20 21:40 . 2010-06-26 18:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-20 21:40 . 2010-06-26 18:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-04-12 09:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 13:15 . 2010-04-13 23:09 -------- d-----w- c:\program files\SpeedFan
2010-08-19 10:56 . 2010-04-12 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-18 20:07 . 2010-04-13 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 19:52 . 2010-06-27 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-08-17 15:40 . 2010-05-10 16:03 -------- d-----w- c:\program files\Pegasys Inc
2010-08-16 16:07 . 2010-04-12 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 21:17 . 2010-07-05 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Idki
2010-08-12 20:29 . 2010-04-27 17:24 -------- d-----w- c:\program files\JDownloader
2010-08-12 20:22 . 2010-07-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-08-11 21:31 . 2010-04-14 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-11 18:04 . 2010-04-12 22:04 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 18:03 . 2010-04-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-08 12:06 . 2010-06-01 16:58 60912 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 14:17 . 2010-05-22 18:52 -------- d-----w- c:\program files\Cheat Engine
2010-08-06 11:30 . 2010-08-05 16:03 2554 ----a-w- c:\documents and settings\Administrator\Application Data\SAS7_000.DAT
2010-08-05 15:22 . 2010-04-12 09:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 12:21 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-02 18:57 . 2010-06-01 22:40 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-02 18:56 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 13:32 . 2010-07-21 13:32 -------- d-----w- c:\program files\Gadwin Systems
2010-07-20 17:19 . 2010-07-20 17:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-20 10:43 . 2010-06-06 18:24 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-19 21:02 . 2010-07-19 21:02 -------- d-----w- c:\program files\Adobe Media Player
2010-07-12 20:08 . 2010-06-01 13:37 -------- d-----w- c:\program files\EASEUS
2010-07-11 13:27 . 2010-05-07 15:52 -------- d-----w- c:\program files\PFConfig
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:07 . 2010-07-08 18:07 24448 ----a-w- c:\windows\system32\drivers\fnetthjm.sys
2010-07-05 18:32 . 2010-05-08 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2
2010-07-04 12:45 . 2010-07-04 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-04 12:40 . 2010-07-04 12:18 -------- d-----w- c:\program files\Common Files\Nero
2010-07-04 12:38 . 2010-07-04 12:19 -------- d-----w- c:\program files\Nero
2010-07-04 12:24 . 2010-07-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-02 10:14 . 2010-07-02 10:14 -------- d-----w- c:\documents and settings\Pawan\Application Data\ESET
2010-06-27 15:41 . 2010-06-27 15:41 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-26 18:28 . 2010-06-26 18:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-21 09:46 . 2010-06-21 09:46 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 09:44 . 2010-04-30 16:46 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-21 09:44 . 2010-04-30 16:46 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-19 11:36 . 2010-06-19 11:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-06-19 11:28 . 2010-06-19 11:28 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-06-19 11:22 . 2010-06-19 11:22 0 ----a-w- C:\license.dat
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth2.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth1.dll
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-13 15:21 . 2010-04-12 09:34 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 17:49 . 2010-04-12 09:32 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AcrobatUpdater.exe
2010-06-02 03:55 . 2010-06-27 15:53 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55 . 2010-06-27 15:53 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55 . 2010-06-27 15:53 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:41 . 2010-06-01 22:41 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2006-05-03 09:06 . 2010-08-17 16:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-17 16:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-08-17 16:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2010-08-26 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2010-08-24 . 5A0927A6909608CB08223B39E71BA566 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-25_14.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-30 11:04 . 2010-08-30 11:04 16384 c:\windows\Temp\Perflib_Perfdata_b6c.dat
+ 2010-06-11 18:35 . 2010-08-29 22:28 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-14 07:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-04-14 07:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2010-06-11 18:35 . 2010-08-29 22:28 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 01:20 561552 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-05 577536]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuMark Startup Manager.lnk - c:\program files\Common Files\Gerber Technology\acmkmgr.exe [2007-5-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 12:16 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 13:48 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 16:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/08/2010 12:16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [02/08/2010 12:16 188168]
R1 67304221;67304221;c:\windows\system32\drivers\67304221.sys [24/08/2010 11:49 128016]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [02/08/2010 12:17 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/08/2010 12:17 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/08/2010 12:17 165456]
R1 setup_9.0.0.722_23.08.2010_03-48drv;setup_9.0.0.722_23.08.2010_03-48drv;c:\windows\system32\drivers\6730422.sys [24/08/2010 11:49 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/08/2010 12:17 17744]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [31/12/2008 11:34 60928]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe [12/04/2010 10:57 41025]
S0 67304222;67304222 Boot Guard Driver;c:\windows\system32\DRIVERS\67304222.sys --> c:\windows\system32\DRIVERS\67304222.sys [?]
S0 bsgbqnm;bsgbqnm; [x]
S0 cerc6;cerc6; [x]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [02/08/2010 12:16 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [31/12/2008 11:34 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 17:38 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [06/06/2010 14:09 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [06/06/2010 14:09 8456]
S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [08/07/2010 19:07 24448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [14/11/2007 20:40 34448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: {25DBCD76-5389-49D3-9105-8143B83B7ABD} = 192.168.5.1,192.168.5.2
TCP: {5DCD2949-AB0B-46A4-B485-088C96A91502} = 192.168.5.1,192.168.5.2
TCP: {85C70598-6A88-4C5A-A48D-24B0E46FAF36} = 192.168.5.1,192.168.5.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://blogtv.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 13:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2010-08-30 13:16:28
ComboFix-quarantined-files.txt 2010-08-30 12:16
ComboFix2.txt 2010-08-25 21:04
ComboFix3.txt 2010-08-25 14:40

Pre-Run: 5,951,209,472 bytes free
Post-Run: 6,035,562,496 bytes free

- - End Of File - - F36DDC55834485E230018AF4FAF836F3

#74
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

REDUCED FUNCTIONALITY MODE

Could you delete your current copy of ComboFix and download a fresh copy please, as this one is old. On completion can you let me know what problems remain?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Fcopy::
c:\windows\system32\dllcache\winlogon.exe|c:\windows\system32\winlogon.exe

Driver::
bsgbqnm


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#75
Pawanhammers

    Member

  • Topic Starter
  • Member
  • 248 posts
Combo Log:

ComboFix 10-08-29.04 - Administrator 30/08/2010 19:45:39.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.627 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BSGBQNM
-------\Service_bsgbqnm


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-26 20:52 . 2010-08-26 20:52 1078 ----a-w- c:\windows\system32\unins000.dat
2010-08-26 20:52 . 2010-08-26 20:52 695578 ----a-w- c:\windows\system32\unins000.exe
2010-08-26 20:52 . 2008-09-30 18:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-08-26 20:45 . 2010-08-26 20:45 -------- d-----w- C:\Fraps
2010-08-26 17:03 . 2010-08-26 17:04 502272 ------w- c:\windows\system32\dllcache\winlogon.exe
2010-08-25 21:37 . 2010-08-25 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mael
2010-08-25 21:27 . 2010-08-25 21:36 -------- d-----w- c:\program files\HxD
2010-08-25 13:57 . 2004-08-03 23:56 1032192 ----a-w- c:\windows\explorer.exe
2010-08-24 21:59 . 2010-08-24 21:59 -------- d-----w- c:\program files\Xvid
2010-08-24 21:59 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 21:59 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 20:21 . 2010-08-24 20:21 -------- d-----w- C:\_OTL
2010-08-24 10:49 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\6730422.sys
2010-08-24 10:49 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\67304221.sys
2010-08-23 11:43 . 2010-08-23 11:43 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-08-22 16:32 . 2010-08-22 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\STOPzilla!
2010-08-22 16:30 . 2010-08-22 16:35 -------- d-----w- c:\program files\STOPzilla!
2010-08-22 15:40 . 2010-08-22 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 15:40 . 2010-08-22 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-08-22 12:48 . 2010-08-22 12:35 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-22 12:33 . 2010-08-22 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-22 12:19 . 2010-08-22 12:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\Xfire
2010-08-20 16:32 . 2010-08-20 16:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-20 16:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-08-20 16:32 . 2010-08-20 16:32 -------- d-----w- c:\program files\Microsoft WSE
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\SlySoft
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2010-08-19 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-19 16:32 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-19 16:31 . 2010-08-19 16:32 -------- d-----w- c:\program files\CDBurnerXP
2010-08-19 15:15 . 2010-08-19 15:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-18 19:52 . 2010-08-18 19:52 92280 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-18 17:21 . 2010-08-18 19:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-17 16:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-08-17 16:46 . 2010-08-17 16:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 16:44 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-17 16:44 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-17 16:44 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-17 16:44 . 2010-08-17 16:44 -------- d-----w- c:\program files\eRightSoft
2010-08-17 14:14 . 2010-08-17 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\LEAPS
2010-08-16 16:56 . 2010-08-16 16:56 1078 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{89D86886-A5D1-4BE5-8446-56D902C5F36D}\_6ABB0E4E16E74822673FD5.exe
2010-08-16 16:56 . 2010-08-16 16:56 -------- d-----w- c:\program files\Computer++
2010-08-16 16:08 . 2010-08-16 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
2010-08-16 16:01 . 2010-08-16 16:06 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2010-08-16 15:39 . 2010-08-16 16:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reasonable Software House Ltd
2010-08-13 14:43 . 2010-08-13 14:49 -------- d-----w- c:\program files\CamStudio
2010-08-12 20:28 . 2010-08-12 20:33 -------- d-----w- C:\SSBB
2010-08-12 20:21 . 2010-08-12 20:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Conduit
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Application Data\Apple Computer
2010-08-12 00:03 . 2010-08-12 00:03 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Apple Computer
2010-08-11 18:05 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-11 18:05 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-11 18:04 . 2010-08-11 18:04 -------- d-----w- c:\program files\iPod
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-11 18:03 . 2010-08-11 18:05 -------- d-----w- c:\program files\iTunes
2010-08-11 18:01 . 2010-08-11 18:02 -------- d-----w- c:\program files\QuickTime
2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\Apple Software Update
2010-08-11 17:56 . 2010-08-11 17:56 -------- d-----w- c:\program files\Bonjour
2010-08-11 14:39 . 2010-08-12 00:04 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Scansoft
2010-08-11 14:39 . 2010-08-11 14:39 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\Adobe
2010-08-11 14:38 . 2010-08-12 00:02 -------- d-----w- c:\documents and settings\Pawan\Local Settings\Application Data\TSVNCache
2010-08-11 14:38 . 2010-08-11 14:38 -------- d-----w- c:\documents and settings\Pawan\Application Data\PC Suite
2010-08-10 17:21 . 2010-08-10 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-08-10 17:21 . 2010-08-10 17:21 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-06 10:00 . 2010-08-06 10:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2010-08-05 18:43 . 2010-08-05 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartFTP
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client
2010-08-05 18:42 . 2010-08-05 18:42 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-08-05 15:23 . 2010-08-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-08-05 15:21 . 2010-08-18 20:14 -------- d-----w- c:\windows\speech
2010-08-04 15:14 . 2010-08-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-08-04 15:12 . 2009-07-10 11:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2010-08-04 15:11 . 2010-08-04 15:11 -------- d-----w- c:\program files\PremiumSoft
2010-08-04 14:44 . 2010-08-04 16:20 -------- d-----w- c:\program files\MySQL
2010-08-04 00:01 . 2010-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP
2010-08-04 00:00 . 2010-08-04 00:00 -------- d-----w- c:\program files\CoreFTP
2010-08-03 19:40 . 2010-08-04 01:12 -------- d-----w- C:\wamp
2010-08-03 19:07 . 2010-08-03 19:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Vitalwerks
2010-08-03 19:06 . 2010-08-03 19:06 -------- d-----w- c:\program files\No-IP
2010-08-03 17:17 . 2009-12-19 23:00 -------- d---a-w- C:\xampp
2010-08-03 12:37 . 2010-08-03 12:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SkinSoft
2010-08-02 22:10 . 2010-08-30 11:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-08-02 22:06 . 2010-08-22 13:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:06 . 2010-08-30 19:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-08-02 22:05 . 2010-08-02 22:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-08-02 21:42 . 2010-08-02 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\TortoiseSVN
2010-08-02 21:29 . 2010-08-02 21:29 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-08-02 20:05 . 2010-05-23 16:50 73216 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-02 20:05 . 2010-04-18 13:33 172032 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-02 20:05 . 2010-04-18 13:33 307200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-02 18:58 . 2010-08-02 18:58 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2010-08-02 17:56 . 2010-08-02 17:56 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-08-02 17:56 . 2010-08-08 11:42 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-08-02 17:54 . 2010-08-08 11:42 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-08-02 17:54 . 2010-08-02 17:54 -------- d-----w- c:\windows\.jagex_cache_32
2010-08-02 12:43 . 2010-08-16 16:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-08-02 11:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 11:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-02 11:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-02 11:17 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-02 11:17 . 2010-06-28 20:39 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-08-02 11:16 . 2010-06-28 20:38 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-08-02 11:16 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-02 11:16 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-02 11:16 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-02 11:16 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-02 11:16 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-02 11:16 . 2010-01-09 20:22 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-08-02 11:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\program files\Alwil Software
2010-08-02 11:15 . 2010-08-02 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-08-02 10:21 . 2010-08-02 10:21 -------- d-----w- c:\program files\Siber Systems
2010-08-01 20:23 . 2010-08-01 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-01 20:23 . 2010-08-01 20:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
2010-08-01 20:13 . 2010-08-02 09:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2010-08-01 20:13 . 2010-08-01 20:13 -------- d-----w- c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 22:28 . 2010-04-22 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-26 17:04 . 2008-04-14 07:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-08-24 20:21 . 2010-07-04 08:54 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-24 11:40 . 2010-07-25 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-22 23:31 . 2010-04-12 09:41 76248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 16:29 . 2010-04-12 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-21 12:21 . 2010-05-08 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Geaw
2010-08-20 21:40 . 2010-06-26 18:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-20 21:40 . 2010-06-26 18:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-20 21:40 . 2010-06-26 18:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-06-26 18:28 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-08-20 20:44 . 2010-04-12 09:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 13:15 . 2010-04-13 23:09 -------- d-----w- c:\program files\SpeedFan
2010-08-19 10:56 . 2010-04-12 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-18 20:07 . 2010-04-13 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 19:52 . 2010-06-27 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-08-17 15:40 . 2010-05-10 16:03 -------- d-----w- c:\program files\Pegasys Inc
2010-08-16 16:07 . 2010-04-12 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 21:17 . 2010-07-05 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Idki
2010-08-12 20:29 . 2010-04-27 17:24 -------- d-----w- c:\program files\JDownloader
2010-08-12 20:22 . 2010-07-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-08-11 21:31 . 2010-04-14 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-11 18:04 . 2010-04-12 22:04 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 18:03 . 2010-04-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-08 12:06 . 2010-06-01 16:58 60912 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 14:17 . 2010-05-22 18:52 -------- d-----w- c:\program files\Cheat Engine
2010-08-06 11:30 . 2010-08-05 16:03 2554 ----a-w- c:\documents and settings\Administrator\Application Data\SAS7_000.DAT
2010-08-05 15:22 . 2010-04-12 09:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 12:21 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-02 18:57 . 2010-06-01 22:40 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-02 18:56 . 2010-06-01 22:37 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 13:32 . 2010-07-21 13:32 -------- d-----w- c:\program files\Gadwin Systems
2010-07-20 17:19 . 2010-07-20 17:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-20 10:43 . 2010-06-06 18:24 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-19 21:02 . 2010-07-19 21:02 -------- d-----w- c:\program files\Adobe Media Player
2010-07-12 20:08 . 2010-06-01 13:37 -------- d-----w- c:\program files\EASEUS
2010-07-11 13:27 . 2010-05-07 15:52 -------- d-----w- c:\program files\PFConfig
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 18:07 . 2010-07-08 18:07 24448 ----a-w- c:\windows\system32\drivers\fnetthjm.sys
2010-07-05 18:32 . 2010-05-08 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2
2010-07-04 12:45 . 2010-07-04 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-04 12:40 . 2010-07-04 12:18 -------- d-----w- c:\program files\Common Files\Nero
2010-07-04 12:38 . 2010-07-04 12:19 -------- d-----w- c:\program files\Nero
2010-07-04 12:24 . 2010-07-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-02 10:14 . 2010-07-02 10:14 -------- d-----w- c:\documents and settings\Pawan\Application Data\ESET
2010-06-27 15:41 . 2010-06-27 15:41 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-26 18:28 . 2010-06-26 18:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-21 09:46 . 2010-06-21 09:46 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-21 09:46 . 2010-06-21 09:46 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-21 09:45 . 2010-06-21 09:45 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 09:44 . 2010-04-30 16:46 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-21 09:44 . 2010-04-30 16:46 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-19 11:36 . 2010-06-19 11:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-06-19 11:28 . 2010-06-19 11:28 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-06-19 11:26 . 2010-06-19 11:26 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-06-19 11:22 . 2010-06-19 11:22 0 ----a-w- C:\license.dat
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth2.dll
2010-06-19 11:22 . 2010-06-19 11:22 1025 ----a-w- c:\windows\system32\serauth1.dll
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-13 15:21 . 2010-04-12 09:34 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 17:49 . 2010-04-12 09:32 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15159\AcrobatUpdater.exe
2010-06-02 03:55 . 2010-06-27 15:53 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55 . 2010-06-27 15:53 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55 . 2010-06-27 15:53 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:41 . 2010-06-01 22:41 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2006-05-03 09:06 . 2010-08-17 16:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-17 16:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-08-17 16:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2010-08-26 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2010-08-26 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-25_14.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-30 11:04 . 2010-08-30 11:04 16384 c:\windows\Temp\Perflib_Perfdata_b6c.dat
+ 2010-08-30 19:29 . 2010-08-30 19:29 16384 c:\windows\Temp\Perflib_Perfdata_b38.dat
- 2010-06-11 18:35 . 2010-06-11 18:35 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-14 07:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-04-14 07:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
+ 2010-06-11 18:35 . 2010-08-29 22:28 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-06-11 18:35 . 2010-06-11 18:35 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-06-11 18:35 . 2010-08-29 22:28 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-05 577536]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuMark Startup Manager.lnk - c:\program files\Common Files\Gerber Technology\acmkmgr.exe [2007-5-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 12:16 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-05-14 13:48 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-07-21 16:32 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/08/2010 12:16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [02/08/2010 12:16 188168]
R1 67304221;67304221;c:\windows\system32\drivers\67304221.sys [24/08/2010 11:49 128016]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [02/08/2010 12:17 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/08/2010 12:17 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/08/2010 12:17 165456]
R1 setup_9.0.0.722_23.08.2010_03-48drv;setup_9.0.0.722_23.08.2010_03-48drv;c:\windows\system32\drivers\6730422.sys [24/08/2010 11:49 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/08/2010 12:17 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [02/08/2010 12:16 119200]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [31/12/2008 11:34 60928]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [31/12/2008 11:34 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe [12/04/2010 10:57 41025]
S0 67304222;67304222 Boot Guard Driver;c:\windows\system32\DRIVERS\67304222.sys --> c:\windows\system32\DRIVERS\67304222.sys [?]
S0 cerc6;cerc6; [x]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 17:38 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [06/06/2010 14:09 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [06/06/2010 14:09 8456]
S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [08/07/2010 19:07 24448]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [14/11/2007 20:40 34448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: {25DBCD76-5389-49D3-9105-8143B83B7ABD} = 192.168.5.1,192.168.5.2
TCP: {5DCD2949-AB0B-46A4-B485-088C96A91502} = 192.168.5.1,192.168.5.2
TCP: {85C70598-6A88-4C5A-A48D-24B0E46FAF36} = 192.168.5.1,192.168.5.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://blogtv.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-30 20:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 19:36
ComboFix2.txt 2010-08-30 12:16
ComboFix3.txt 2010-08-25 21:04
ComboFix4.txt 2010-08-25 14:40

Pre-Run: 5,990,191,104 bytes free
Post-Run: 5,844,774,912 bytes free

- - End Of File - - 1C1468982C250BC0B866962498C8CB70

The computer is good as new and looks like there's no viruses or nothing, no problems.

One thing about videos: when I play videos on YouTube or something, my computer gets hot and Mozilla Firefox takes up about 40 cpus. I don't know what it may be, but it could be that I only have 96 VRAM and 1.2GB RAM.