After trying to fix BSOD I've now got XP Security 2011 virus



#1
merlejane

Hi
I can't start my computer normally, only in safe mode. I've run Bullguard and adaware and Malwarebytes but nothing had worked. The error I get is Atapi-sys-addressF74CA59D base at F74C0000, Datestamp 41107b4d. I hope you can help me. Thank you


OTL logfile created on: 30/06/2011 13:55:20 - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 36.73% Memory free
7.85 Gb Paging File | 6.72 Gb Available in Paging File | 85.65% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 97.71 Gb Free Space | 20.98% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1016.89 Gb Free Space | 72.78% Space Free | Partition Type: NTFS
Drive F: | 94.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/20 13:54:03 | 000,288,088 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2011/06/03 15:08:48 | 001,620,824 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2011/05/23 20:07:37 | 000,320,344 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2011/03/09 22:49:22 | 000,015,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Silverlight\4.0.60310.0\agcp.exe
PRC - [2011/01/27 08:57:52 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2011/01/21 13:57:10 | 000,323,432 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2011/05/23 20:12:14 | 000,036,696 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/06/20 16:38:15 | 000,019,456 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe -- (nvUpdService)
SRV - [2011/06/20 13:54:03 | 000,288,088 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011/06/20 13:54:00 | 000,337,240 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011/06/20 13:53:57 | 000,195,928 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2011/06/20 13:53:56 | 000,322,392 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/23 20:12:35 | 000,125,784 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2011/05/23 20:12:35 | 000,067,928 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2011/05/23 20:12:04 | 000,500,056 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2011/05/23 20:10:47 | 000,186,712 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011/05/23 20:07:37 | 000,320,344 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Stopped] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/03 13:50:41 | 000,789,448 | ---- | M] (NovaShield, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011/05/03 13:50:41 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2011/04/12 13:08:54 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2011/03/04 09:51:27 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/01/28 07:17:54 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AfwCore.sys -- (afwcore)
DRV - [2011/01/28 07:17:50 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Afw.sys -- (afw)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/04 10:59:52 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\profos.sys -- (Profos)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\[email protected]\ [2011/05/11 17:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/06/23 21:51:04 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BullGuard] c:\program files\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - AppInit_DLLs: (c:\PROGRA~1\bullguard ltd\bullguard\BgAgent.dll) - c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\bullguard ltd\bullguard\BgAg c:\PROGRA~1\bullguard ltd\bullguard\BgAgent.dll) - File not found
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\WINDOWS\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/29 21:29:56 | 000,000,047 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b838393-73e8-11de-b7fc-0019665cd62a}\Shell\AutoRun\command - "" = O:\InstallTomTomHOME.exe
O33 - MountPoints2\{de89c6cf-be2d-11df-bbdb-0019665cd62a}\Shell - "" = AutoRun
O33 - MountPoints2\{de89c6cf-be2d-11df-bbdb-0019665cd62a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de89c6cf-be2d-11df-bbdb-0019665cd62a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/p...09/transformers
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\StartCD.exe -- [2003/05/27 19:51:02 | 000,245,832 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/24 09:04:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:45 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[44 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4135 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 13:55:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:27:59 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/30 13:27:59 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/30 13:08:17 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:58 | 000,123,823 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/30 11:06:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 10:53:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 10:11:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 10:11:49 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/06/30 10:11:49 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/25 09:11:22 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 15:00:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/24 15:00:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/24 14:54:02 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/06/24 14:54:01 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/06/24 14:54:01 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/06/24 14:54:01 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/06/24 14:54:01 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/06/24 14:53:29 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/06/24 14:53:29 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/06/24 09:38:31 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:28:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/24 08:48:54 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/06/24 08:38:36 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/24 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/23 17:21:44 | 002,666,306 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/02 18:50:41 | 001,444,828 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\corp card.JPG
[2011/06/02 09:36:12 | 000,504,826 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\data pro1.JPG
[2011/06/02 09:35:48 | 001,610,151 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card app1.JPG
[2011/06/02 09:35:25 | 001,631,720 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card details1.JPG
[2011/06/02 09:28:34 | 009,487,916 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card details.tif
[2011/06/02 09:17:30 | 000,337,685 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\data pro.jpg
[2011/06/02 09:16:32 | 000,994,212 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card app.jpg
[44 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4135 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:57 | 000,123,823 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 09:38:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:05:10 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/06/24 09:05:02 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/06/24 09:04:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/06/24 09:04:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/06/24 09:04:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/06/24 09:04:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/06/24 08:24:46 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:24:37 | 002,666,306 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/02 18:50:41 | 001,444,828 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\corp card.JPG
[2011/06/02 09:36:11 | 000,504,826 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\data pro1.JPG
[2011/06/02 09:35:47 | 001,610,151 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card app1.JPG
[2011/06/02 09:35:24 | 001,631,720 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card details1.JPG
[2011/06/02 09:28:34 | 009,487,916 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card details.tif
[2011/06/02 09:17:30 | 000,337,685 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\data pro.jpg
[2011/06/02 09:16:32 | 000,994,212 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\card app.jpg
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2011/03/15 19:47:16 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\ie_runner_app.exe
[2011/03/15 19:47:12 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\common_functions.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/28 22:20:00 | 000,012,382 | ---- | C] () -- C:\Program Files\Common Files\lahozevi.dl
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/04 08:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 08:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 08:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 08:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 08:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006086_.tmp.dll
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006054_.tmp.dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/06/30 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/06/25 08:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/06/25 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2011/06/03 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2011/06/20 14:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\PriceGong
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/30 13:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/06/30 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 13:48:23 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/06/24 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/06/30 10:11:49 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\WINDOWS:07E5F864923CA059
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\Sissor Sisters - TA-DAH.jwl:Roxio EMC Stream
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:014E691E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5751F188

< End of report >



Edited by michaelg9, 02 July 2011 - 03:29 PM.



#2
merlejane

  • Topic Starter
I started a topic on 30th because I have BSOD and reading your boards I tried all your fixes for it, but in the process I've somehow got the above virus so now I can't do anything!!!!!! Can't open programmes, nothing! If I didn't have my work laptop I'd be completely lost. Please please please help me!

#3
michaelg9

    Trusted Helper

  • Malware Removal
Hi :)
:unsure: . My name is Michael and I am here to help you fix your computer. :yes:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply.


There should be a log named Extras.txt on your Desktop, please post that here too :)




Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/06/20 16:38:15 | 000,019,456 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe -- (nvUpdService)
    IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
    O1 - Hosts: 184.95.59.211 www.google.com
    O1 - Hosts: 184.95.59.212 search.yahoo.com
    O1 - Hosts: 184.95.59.212 www.bing.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
    O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files\Elf_1\prxtbElf2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/05/01 15:15:45 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
    [44 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4135 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 96 bytes -> C:\WINDOWS:07E5F864923CA059
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\Sissor Sisters - TA-DAH.jwl:Roxio EMC Stream
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B174FAE
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:014E691E
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5751F188

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#4
merlejane

  • Topic Starter
I can't uninstall BullGuard or Ad-Aware; it says my uninstaller is not running as I'm in safe mode. I have exited them but ComboFix can still see them. Any ideas what I should do?

#5
merlejane

  • Topic Starter
Hi
Here is the combo fix report
ComboFix 11-07-02.03 - Merlr Morgan-Oxford 03/07/2011 9:10.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1306 [GMT 1:00]
Running from: c:\documents and settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-06-30 14:50 . 2011-06-30 14:50 -------- dc----w- C:\_OTL
2011-06-30 09:49 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\Software Inspection Library
2011-06-25 10:47 . 2011-06-25 10:47 -------- d-----w- c:\documents and settings\Merlr Morgan-Oxford\Application Data\TeamViewer
2011-06-25 10:46 . 2011-06-25 10:46 -------- d-----w- c:\program files\TeamViewer
2011-06-24 15:08 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\BullGuard
2011-06-24 08:14 . 2008-04-14 04:41 30208 -c--a-w- c:\windows\system32\SET1DA4.tmp
2011-06-24 08:14 . 2008-04-14 04:41 1689088 -c--a-w- c:\windows\system32\SET1DA0.tmp
2011-06-24 08:14 . 2008-04-14 04:41 16896 -c--a-w- c:\windows\system32\SET1D86.tmp
2011-06-24 08:14 . 2008-04-14 04:40 177152 -c----w- c:\windows\system32\SET1D5B.tmp
2011-06-24 08:14 . 2008-04-14 04:42 13824 -c--a-w- c:\windows\system32\SET1D27.tmp
2011-06-24 08:14 . 2008-04-14 04:42 80896 -c--a-w- c:\windows\system32\SET1D26.tmp
2011-06-24 08:14 . 2008-04-14 04:42 354304 -c----w- c:\windows\system32\SET1D2B.tmp
2011-06-24 08:14 . 2008-04-14 04:42 6656 -c--a-w- c:\windows\system32\SET1D21.tmp
2011-06-24 08:14 . 2008-04-14 04:42 121856 -c--a-w- c:\windows\system32\SET1D20.tmp
2011-06-24 08:14 . 2008-04-14 04:42 108032 -c--a-w- c:\windows\system32\SET1D24.tmp
2011-06-24 08:14 . 2008-04-13 22:09 438784 -c--a-w- c:\windows\system32\SET1D1D.tmp
2011-06-24 08:10 . 2008-04-14 04:41 58368 -c--a-w- c:\windows\system32\SET128F.tmp
2011-06-24 08:09 . 2008-04-14 04:42 171008 -c--a-w- c:\windows\system32\SETEDE.tmp
2011-06-24 08:08 . 2006-12-28 23:31 19569 -c--a-w- c:\windows\003667_.tmp
2011-06-24 08:04 . 2010-02-16 13:19 2181376 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-23 07:12 . 2011-06-24 14:12 94208 ----a-w- c:\windows\DUMP6513.tmp
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe
2011-06-20 15:38 . 2011-06-20 15:38 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation
2011-06-20 12:43 . 2011-06-20 12:43 -------- dc----w- c:\windows\system32\wbem\Repository
2011-06-20 12:41 . 2011-06-20 12:41 -------- d-----w- c:\program files\LightScribe Diagnostic Utility
2011-06-20 09:43 . 2011-06-20 09:43 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\IECompatCache
2011-06-20 08:58 . 2011-06-20 08:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 16:30 . 2011-05-19 14:52 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 07:44 . 2006-06-07 15:29 37160 -c----w- c:\windows\system32\drivers\btport.sys
2011-05-04 03:52 . 2010-05-09 07:20 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25 . 2008-09-14 12:11 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-05-01 16:16 . 2011-05-01 16:16 67568 -c--a-w- c:\windows\system32\drivers\usbhub20.sys
2011-05-01 16:13 . 2006-06-07 21:06 533152 -c----w- c:\windows\system32\drivers\btaudio.sys
2011-05-01 16:13 . 2006-06-07 15:33 991264 -c----w- c:\windows\system32\drivers\btkrnl.sys
2011-05-01 15:58 . 2008-09-13 14:16 321280 -c----w- c:\windows\system32\drivers\hcw88tse.sys
2011-05-01 15:58 . 2008-09-13 14:16 134144 -c--a-w- c:\windows\system32\drivers\hcw88prx.ax
2011-05-01 15:58 . 2008-09-13 14:16 13440 -c--a-w- c:\windows\system32\drivers\hcw88aud.sys
2011-05-01 15:57 . 2008-12-06 19:01 96256 -c--a-w- c:\windows\system32\hcwcp.ax
2011-05-01 15:57 . 2008-12-06 19:01 139264 -c--a-w- c:\windows\system32\hcwecppp.ax
2011-05-01 15:57 . 2008-09-13 14:15 40960 -c----w- c:\windows\system32\hcwxds.dll
2011-05-01 15:57 . 2008-09-13 14:15 396672 -c----w- c:\windows\system32\drivers\hcw88vid.sys
2011-05-01 15:57 . 2008-09-13 14:17 215168 -c----w- c:\windows\system32\drivers\hcw88bda.sys
2011-05-01 15:57 . 2008-09-13 14:15 9539 -c--a-w- c:\windows\system32\drivers\hcw88r9x.sys
2011-05-01 15:57 . 2008-09-13 14:15 77056 -c----w- c:\windows\system32\drivers\hcw88tun.sys
2011-05-01 15:57 . 2008-09-13 14:15 17920 -c----w- c:\windows\system32\drivers\hcw88bar.sys
2011-05-01 15:57 . 2008-09-13 14:15 12288 -c----w- c:\windows\system32\drivers\hcw88rc5.sys
2011-05-01 14:17 . 2008-09-13 12:55 444952 -c--a-w- c:\windows\system32\wrap_oal.dll
2011-05-01 14:17 . 2001-07-11 10:51 109080 -c--a-w- c:\windows\system32\OpenAL32.dll
2011-05-01 14:15 . 2011-05-01 14:15 92696 -c--a-w- c:\windows\system32\drivers\emupia2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 798744 -c----w- c:\windows\system32\drivers\ha10kx2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 189464 -c----w- c:\windows\system32\drivers\haP17v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 162840 -c----w- c:\windows\system32\drivers\haP16v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 157208 -c--a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 566296 -c----w- c:\windows\system32\drivers\CTSBLFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 555032 -c----w- c:\windows\system32\drivers\CTAUDFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 528408 -c--a-w- c:\windows\system32\drivers\ctaud2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 511000 -c----w- c:\windows\system32\drivers\ctac32k.sys
2011-05-01 14:15 . 2011-05-01 14:15 347080 -c--a-w- c:\windows\system32\drivers\ctdvda2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 18840 -c--a-w- c:\windows\system32\drivers\CTGAME.SYS
2011-05-01 14:15 . 2011-05-01 14:15 14360 -c--a-w- c:\windows\system32\drivers\ctprxy2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 1396120 -c--a-w- c:\windows\system32\drivers\CTMMFILT.SYS
2011-05-01 14:15 . 2011-05-01 14:15 127512 -c--a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 100888 -c----w- c:\windows\system32\drivers\CTERFXFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 99352 -c----w- c:\windows\system32\drivers\COMMONFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 15896 -c--a-w- c:\windows\system32\drivers\pfmodnt.sys
2011-05-01 14:15 . 2011-05-01 14:15 1366424 -c--a-w- c:\windows\system32\drivers\CT0531FL.SYS
2011-05-01 14:15 . 2011-05-01 14:15 121856 -c--a-w- c:\windows\system32\ctsfinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 182272 -c--a-w- c:\windows\system32\ctdvinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 86528 -c--a-w- c:\windows\system32\ctcoinst.dll
2011-05-01 14:15 . 2011-05-01 14:15 51787 -c--a-w- c:\windows\system32\SET51.tmp
2011-05-01 14:15 . 2011-05-01 14:15 386852 -c--a-w- c:\windows\system32\SET54.tmp
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\system32\ctpres.dll
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\CTPRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 87712 -c--a-w- c:\windows\system32\ctpxst32.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\ctmmactl.dll
2011-05-01 14:15 . 2011-05-01 14:15 69632 -c--a-w- c:\windows\system32\ctosuser.dll
2011-05-01 14:15 . 2011-05-01 14:15 64512 -c----w- c:\windows\system32\piaproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 6144 -c--a-w- c:\windows\system32\sfman32.dll
2011-05-01 14:15 . 2011-05-01 14:15 5120 -c--a-w- c:\windows\system32\enlocstr.exe
2011-05-01 14:15 . 2011-05-01 14:15 49152 -c----w- c:\windows\system32\ctdproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 47104 -c--a-w- c:\windows\system32\udapld32.dll
2011-05-01 14:15 . 2011-05-01 14:15 45568 -c--a-w- c:\windows\system32\ctspkhlp.dll
2011-05-01 14:15 . 2011-05-01 14:15 41472 -c--a-w- c:\windows\system32\ctscal.dll
2011-05-01 14:15 . 2011-05-01 14:15 37888 -c--a-w- c:\windows\system32\psconv.exe
2011-05-01 14:15 . 2011-05-01 14:15 33792 -c--a-w- c:\windows\system32\devreg.dll
2011-05-01 14:15 . 2011-05-01 14:15 330752 -c----w- c:\windows\system32\ctdc0001.dll
2011-05-01 14:15 . 2011-05-01 14:15 32768 -c--a-w- c:\windows\system32\ctthxcal.dll
2011-05-01 14:15 . 2011-05-01 14:15 13312 -c--a-w- c:\windows\system32\regplib.exe
2011-05-01 14:15 . 2011-05-01 14:15 131072 -c--a-w- c:\windows\system32\ctdcifce.dll
2011-05-01 14:15 . 2011-05-01 14:15 12800 -c--a-w- c:\windows\system32\ctmmep.dll
2011-05-01 14:15 . 2011-05-01 14:15 125952 -c--a-w- c:\windows\system32\sfms32.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\INRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c--a-w- c:\windows\system32\killapps.exe
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c--a-w- c:\windows\system32\ctdcres.dll
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c----w- c:\windows\CTDCRES.DLL
2011-05-01 14:15 . 2008-06-27 17:27 11776 -c--a-w- c:\windows\system32\inres.dll
2011-05-01 14:15 . 2011-05-01 14:15 8704 -c----w- c:\windows\system32\ctagent.dll
2011-05-01 14:15 . 2011-05-01 14:15 809496 -c--a-w- c:\windows\system32\OALInst.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\eaxac3.dll
2011-05-01 14:15 . 2011-05-01 14:15 600217 -c--a-w- c:\windows\system32\UDAAIM32.exe
2011-05-01 14:15 . 2011-05-01 14:15 56832 -c--a-w- c:\windows\system32\CTpcmcia.dll
2011-05-01 14:15 . 2011-05-01 14:15 508928 -c--a-w- c:\windows\system32\UDAAPO32.dll
2011-05-01 14:15 . 2011-05-01 14:15 46592 -c--a-w- c:\windows\system32\ctasio.dll
2011-05-01 14:15 . 2011-05-01 14:15 38400 -c--a-w- c:\windows\system32\readreg.exe
2011-05-01 14:15 . 2011-05-01 14:15 227840 -c----w- c:\windows\system32\ctdc0000.dll
2011-05-01 14:15 . 2011-05-01 14:15 19456 -c----w- c:\windows\system32\CtHelper.exe
2011-05-01 14:15 . 2011-05-01 14:15 176128 -c--a-w- c:\windows\system32\ct_oal.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\system32\ac3api.dll
2011-05-01 14:15 . 2011-05-01 14:15 43520 -c--a-w- c:\windows\system32\CTBurst.dll
2011-05-01 14:15 . 2011-05-01 14:15 196096 -c--a-w- c:\windows\system32\ctemupia.dll
2011-05-01 14:15 . 2011-05-01 14:15 10752 -c--a-w- c:\windows\system32\a3d.dll
2011-05-01 14:15 . 2008-05-23 16:18 16534496 -c--a-w- c:\windows\system32\AppSetup.exe
2011-05-01 14:15 . 2006-12-05 14:52 48400 -c--a-w- c:\windows\system32\AddCat.exe
2011-05-01 14:13 . 2011-05-01 14:13 56960 -c--a-w- c:\windows\system32\drivers\ousb2hub.sys
2011-05-01 14:13 . 2011-05-01 14:13 45696 -c--a-w- c:\windows\system32\drivers\ousbehci.sys
2008-09-09 22:38 . 2008-06-01 12:40 3351552 -c--a-w- c:\program files\VersionTracker_Pro_Windows_4_0.msi
2008-09-09 22:38 . 2008-06-01 12:40 107505240 -c--a-w- c:\program files\TrueImage10.0_s_en.exe
2008-09-09 22:38 . 2008-06-01 12:39 107505240 -c--a-w- c:\program files\TrueImage10.0.4942_s_en.exe
2008-09-09 22:35 . 2008-06-01 12:39 1069935 -c--a-w- c:\program files\RegCure_Setup_15_RW.exe
2008-09-09 22:30 . 2008-06-01 12:39 15452536 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-09 22:29 . 2008-06-01 12:39 881488 -c--a-w- c:\program files\Google Updater.exe
2008-09-09 22:05 . 2008-06-01 12:39 23405072 -c--a-w- c:\program files\AdbeRdr811_en_US.exe
2008-03-09 07:25 . 2010-01-16 09:14 236 -c--a-w- c:\program files\Common Files\dx.reg
2002-01-14 17:30 . 2002-01-14 17:30 21823560 -c--a-w- c:\program files\dotnetfx.exe
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( [email protected]_21.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 08:07 . 2011-07-03 08:07 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2011-07-03 08:07 . 2011-07-03 08:07 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2003-03-31 12:00 . 2011-07-03 08:12 99306 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-07-02 20:46 99306 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2011-07-03 08:12 512666 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2011-07-02 20:46 512666 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
2011-01-17 14:54 175912 ------w- c:\program files\Elf_1\prxtbElf2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-25 22:03 3911776 -c----w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 -c--a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 -c--a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2011-01-25 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{22E03916-85C5-44B0-8DC9-1830C11238D9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2011-01-25 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 68856]
"Consumer Input Update"="c:\program files\Consumer Input\dca-ua.exe" [2011-03-03 175800]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2011-01-27 67448]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2011-01-21 67960]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-20 669936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2011-05-01 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2008-9-2 3067979]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-11-23 4657424]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-6 805392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\o:\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^MagicDisc.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-01-21 02:04 377248 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-01-21 02:05 960560 -c--a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 08:56 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-09-06 08:42 143360 -c--a-w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 11:03 868352 -c--a-w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2008-09-09 22:32 1289000 -c----w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 13:13 2363392 -c----w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-09-09 22:32 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
2008-02-21 16:19 613792 -c----w- c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2001-07-03 00:30 122880 -c--a-w- c:\program files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2008-09-09 22:36 1687552 -c----w- c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-09 22:26 163840 -c--a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2008-09-09 22:29 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
2001-07-26 00:00 118784 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
2001-06-29 00:00 163840 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 -c----w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-01-21 01:59 4359600 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:ActiveSync
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [14/09/2008 12:09 18432]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [11/01/2009 15:25 38448]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [22/09/2010 17:05 20352]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [13/09/2008 15:16 13440]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [01/05/2011 15:13 45696]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\WebView\WebView-Reporting.exe [23/02/2009 13:20 102400]
R2 WebView-Update-Service;WebView-Update-Service;c:\program files\WebView\WebView-Updater.exe [23/02/2009 13:20 176128]
R2 WebViewLSPService;WebViewLSPService;c:\program files\WebViewLSPService\WebViewLSPService.exe [14/06/2010 11:59 3043328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [13/09/2008 15:17 215168]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [13/09/2008 15:15 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [13/09/2008 15:16 321280]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [13/09/2008 15:15 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [13/09/2008 15:15 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [13/09/2008 15:15 17920]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [01/05/2011 15:13 56960]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [16/02/2009 19:16 31616]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [16/02/2009 19:12 227488]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [16/02/2009 19:12 7424]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [22/09/2010 17:36 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [22/09/2010 17:38 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [22/09/2010 17:39 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [22/09/2010 17:40 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [22/09/2010 17:41 25704]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [02/01/2011 10:43 30312]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [01/05/2011 15:19 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DM9USB;DM9000 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [03/04/2009 16:51 54272]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [22/09/2008 11:20 43520]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/04/2009 20:16 36608]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [20/11/2009 19:31 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [20/11/2009 19:31 26368]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [21/06/2009 07:49 434176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [02/01/2011 10:43 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [02/01/2011 10:43 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [02/01/2011 10:43 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [02/01/2011 10:43 98152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 -c----w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 -c--a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 21:08]
.
2011-06-18 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2011-06-30 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-06-30 12:41]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 05:48]
.
2011-06-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]
.
2011-07-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2011-06-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2010-10-06 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
2010-10-07 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\WebViewLSPService.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{252E42F4-0A33-427C-B197-6409321B09B1}: DhcpNameServer = 192.168.2.1
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - c:\program files\ICQ\IExplorerMime.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 09:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM3500320AS rev.MX15 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8BDD031B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-03 09:44:47
ComboFix-quarantined-files.txt 2011-07-03 08:44
ComboFix2.txt 2011-07-02 21:19
.
Pre-Run: 113,922,011,136 bytes free
Post-Run: 113,997,393,920 bytes free
.
Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B5220D7D7E2A06FA2DBF44BC743C00DA

And this is the OTL file. There doesn't seem to be an extra file.

OTL logfile created on: 03/07/2011 10:09:14 - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.87% Memory free
7.85 Gb Paging File | 7.10 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.89 Gb Free Space | 22.95% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/06/20 22:08:01 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/01 15:15:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2011/04/05 18:28:17 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/03 20:31:28 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Consumer Input\dca-ua.exe
PRC - [2011/01/27 08:57:52 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/01/24 17:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2011/01/21 15:43:56 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
PRC - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 11:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2008/09/02 18:04:16 | 003,067,979 | ---- | M] () -- C:\Program Files\Shrink Pic\shrink_pic.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/02/21 17:19:30 | 000,613,792 | ---- | M] (Philips Consumer Electronics) -- C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2011/05/01 15:15:44 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/09/02 16:59:12 | 000,143,441 | ---- | M] () -- C:\Program Files\Shrink Pic\shrinkpici.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/03 10:04:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 10:04:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 08:46:09 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/02 20:49:04 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/06/30 16:17:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/30 16:10:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/30 16:10:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/30 16:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/30 16:10:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/30 16:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:00:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 15:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/24 09:04:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe

========== Files - Modified Within 30 Days ==========

[2011/07/03 10:10:55 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 10:10:55 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 10:06:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 10:06:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/07/03 10:06:26 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 10:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:04:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/03 10:04:18 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 09:58:00 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/03 09:53:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 08:46:09 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/03 08:20:36 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/07/02 20:49:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/07/02 20:03:02 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:19:27 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 16:17:37 | 000,000,513 | RHS- | M] () -- C:\boot.ini
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:58 | 000,123,823 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 15:00:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/24 15:00:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/24 09:38:31 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:28:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/24 08:38:36 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/23 17:21:44 | 002,666,306 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/07/03 08:20:36 | 000,092,296 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/02 20:03:02 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:08:40 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/01 08:11:21 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/06/30 16:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/30 16:10:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/30 16:10:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/30 16:10:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/30 16:10:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/30 16:10:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:57 | 000,123,823 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 09:38:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:05:10 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/06/24 09:05:02 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/06/24 09:04:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/06/24 09:04:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/06/24 09:04:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/06/24 09:04:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/06/24 08:24:46 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:24:37 | 002,666,306 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/07/03 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/07/03 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/07/03 10:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2011/06/03 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/07/01 09:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/07/03 10:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



< End of report >

Thank you for your help
  • 0

#6
merlejane
  • Topic Starter
  • Member
  • 10 posts
Hi
Here is the ComboFix report
ComboFix 11-07-02.03 - Merlr Morgan-Oxford 03/07/2011 9:10.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1306 [GMT 1:00]
Running from: c:\documents and settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Merlr Morgan-Oxford\Application Data\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-06-30 14:50 . 2011-06-30 14:50 -------- dc----w- C:\_OTL
2011-06-30 09:49 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\Software Inspection Library
2011-06-25 10:47 . 2011-06-25 10:47 -------- d-----w- c:\documents and settings\Merlr Morgan-Oxford\Application Data\TeamViewer
2011-06-25 10:46 . 2011-06-25 10:46 -------- d-----w- c:\program files\TeamViewer
2011-06-24 15:08 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\BullGuard
2011-06-24 08:14 . 2008-04-14 04:41 30208 -c--a-w- c:\windows\system32\SET1DA4.tmp
2011-06-24 08:14 . 2008-04-14 04:41 1689088 -c--a-w- c:\windows\system32\SET1DA0.tmp
2011-06-24 08:14 . 2008-04-14 04:41 16896 -c--a-w- c:\windows\system32\SET1D86.tmp
2011-06-24 08:14 . 2008-04-14 04:40 177152 -c----w- c:\windows\system32\SET1D5B.tmp
2011-06-24 08:14 . 2008-04-14 04:42 13824 -c--a-w- c:\windows\system32\SET1D27.tmp
2011-06-24 08:14 . 2008-04-14 04:42 80896 -c--a-w- c:\windows\system32\SET1D26.tmp
2011-06-24 08:14 . 2008-04-14 04:42 354304 -c----w- c:\windows\system32\SET1D2B.tmp
2011-06-24 08:14 . 2008-04-14 04:42 6656 -c--a-w- c:\windows\system32\SET1D21.tmp
2011-06-24 08:14 . 2008-04-14 04:42 121856 -c--a-w- c:\windows\system32\SET1D20.tmp
2011-06-24 08:14 . 2008-04-14 04:42 108032 -c--a-w- c:\windows\system32\SET1D24.tmp
2011-06-24 08:14 . 2008-04-13 22:09 438784 -c--a-w- c:\windows\system32\SET1D1D.tmp
2011-06-24 08:10 . 2008-04-14 04:41 58368 -c--a-w- c:\windows\system32\SET128F.tmp
2011-06-24 08:09 . 2008-04-14 04:42 171008 -c--a-w- c:\windows\system32\SETEDE.tmp
2011-06-24 08:08 . 2006-12-28 23:31 19569 -c--a-w- c:\windows\003667_.tmp
2011-06-24 08:04 . 2010-02-16 13:19 2181376 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-23 07:12 . 2011-06-24 14:12 94208 ----a-w- c:\windows\DUMP6513.tmp
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe
2011-06-20 15:38 . 2011-06-20 15:38 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation
2011-06-20 12:43 . 2011-06-20 12:43 -------- dc----w- c:\windows\system32\wbem\Repository
2011-06-20 12:41 . 2011-06-20 12:41 -------- d-----w- c:\program files\LightScribe Diagnostic Utility
2011-06-20 09:43 . 2011-06-20 09:43 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\IECompatCache
2011-06-20 08:58 . 2011-06-20 08:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 16:30 . 2011-05-19 14:52 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 07:44 . 2006-06-07 15:29 37160 -c----w- c:\windows\system32\drivers\btport.sys
2011-05-04 03:52 . 2010-05-09 07:20 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25 . 2008-09-14 12:11 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-05-01 16:16 . 2011-05-01 16:16 67568 -c--a-w- c:\windows\system32\drivers\usbhub20.sys
2011-05-01 16:13 . 2006-06-07 21:06 533152 -c----w- c:\windows\system32\drivers\btaudio.sys
2011-05-01 16:13 . 2006-06-07 15:33 991264 -c----w- c:\windows\system32\drivers\btkrnl.sys
2011-05-01 15:58 . 2008-09-13 14:16 321280 -c----w- c:\windows\system32\drivers\hcw88tse.sys
2011-05-01 15:58 . 2008-09-13 14:16 134144 -c--a-w- c:\windows\system32\drivers\hcw88prx.ax
2011-05-01 15:58 . 2008-09-13 14:16 13440 -c--a-w- c:\windows\system32\drivers\hcw88aud.sys
2011-05-01 15:57 . 2008-12-06 19:01 96256 -c--a-w- c:\windows\system32\hcwcp.ax
2011-05-01 15:57 . 2008-12-06 19:01 139264 -c--a-w- c:\windows\system32\hcwecppp.ax
2011-05-01 15:57 . 2008-09-13 14:15 40960 -c----w- c:\windows\system32\hcwxds.dll
2011-05-01 15:57 . 2008-09-13 14:15 396672 -c----w- c:\windows\system32\drivers\hcw88vid.sys
2011-05-01 15:57 . 2008-09-13 14:17 215168 -c----w- c:\windows\system32\drivers\hcw88bda.sys
2011-05-01 15:57 . 2008-09-13 14:15 9539 -c--a-w- c:\windows\system32\drivers\hcw88r9x.sys
2011-05-01 15:57 . 2008-09-13 14:15 77056 -c----w- c:\windows\system32\drivers\hcw88tun.sys
2011-05-01 15:57 . 2008-09-13 14:15 17920 -c----w- c:\windows\system32\drivers\hcw88bar.sys
2011-05-01 15:57 . 2008-09-13 14:15 12288 -c----w- c:\windows\system32\drivers\hcw88rc5.sys
2011-05-01 14:17 . 2008-09-13 12:55 444952 -c--a-w- c:\windows\system32\wrap_oal.dll
2011-05-01 14:17 . 2001-07-11 10:51 109080 -c--a-w- c:\windows\system32\OpenAL32.dll
2011-05-01 14:15 . 2011-05-01 14:15 92696 -c--a-w- c:\windows\system32\drivers\emupia2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 798744 -c----w- c:\windows\system32\drivers\ha10kx2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 189464 -c----w- c:\windows\system32\drivers\haP17v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 162840 -c----w- c:\windows\system32\drivers\haP16v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 157208 -c--a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 566296 -c----w- c:\windows\system32\drivers\CTSBLFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 555032 -c----w- c:\windows\system32\drivers\CTAUDFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 528408 -c--a-w- c:\windows\system32\drivers\ctaud2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 511000 -c----w- c:\windows\system32\drivers\ctac32k.sys
2011-05-01 14:15 . 2011-05-01 14:15 347080 -c--a-w- c:\windows\system32\drivers\ctdvda2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 18840 -c--a-w- c:\windows\system32\drivers\CTGAME.SYS
2011-05-01 14:15 . 2011-05-01 14:15 14360 -c--a-w- c:\windows\system32\drivers\ctprxy2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 1396120 -c--a-w- c:\windows\system32\drivers\CTMMFILT.SYS
2011-05-01 14:15 . 2011-05-01 14:15 127512 -c--a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 100888 -c----w- c:\windows\system32\drivers\CTERFXFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 99352 -c----w- c:\windows\system32\drivers\COMMONFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 15896 -c--a-w- c:\windows\system32\drivers\pfmodnt.sys
2011-05-01 14:15 . 2011-05-01 14:15 1366424 -c--a-w- c:\windows\system32\drivers\CT0531FL.SYS
2011-05-01 14:15 . 2011-05-01 14:15 121856 -c--a-w- c:\windows\system32\ctsfinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 182272 -c--a-w- c:\windows\system32\ctdvinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 86528 -c--a-w- c:\windows\system32\ctcoinst.dll
2011-05-01 14:15 . 2011-05-01 14:15 51787 -c--a-w- c:\windows\system32\SET51.tmp
2011-05-01 14:15 . 2011-05-01 14:15 386852 -c--a-w- c:\windows\system32\SET54.tmp
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\system32\ctpres.dll
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\CTPRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 87712 -c--a-w- c:\windows\system32\ctpxst32.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\ctmmactl.dll
2011-05-01 14:15 . 2011-05-01 14:15 69632 -c--a-w- c:\windows\system32\ctosuser.dll
2011-05-01 14:15 . 2011-05-01 14:15 64512 -c----w- c:\windows\system32\piaproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 6144 -c--a-w- c:\windows\system32\sfman32.dll
2011-05-01 14:15 . 2011-05-01 14:15 5120 -c--a-w- c:\windows\system32\enlocstr.exe
2011-05-01 14:15 . 2011-05-01 14:15 49152 -c----w- c:\windows\system32\ctdproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 47104 -c--a-w- c:\windows\system32\udapld32.dll
2011-05-01 14:15 . 2011-05-01 14:15 45568 -c--a-w- c:\windows\system32\ctspkhlp.dll
2011-05-01 14:15 . 2011-05-01 14:15 41472 -c--a-w- c:\windows\system32\ctscal.dll
2011-05-01 14:15 . 2011-05-01 14:15 37888 -c--a-w- c:\windows\system32\psconv.exe
2011-05-01 14:15 . 2011-05-01 14:15 33792 -c--a-w- c:\windows\system32\devreg.dll
2011-05-01 14:15 . 2011-05-01 14:15 330752 -c----w- c:\windows\system32\ctdc0001.dll
2011-05-01 14:15 . 2011-05-01 14:15 32768 -c--a-w- c:\windows\system32\ctthxcal.dll
2011-05-01 14:15 . 2011-05-01 14:15 13312 -c--a-w- c:\windows\system32\regplib.exe
2011-05-01 14:15 . 2011-05-01 14:15 131072 -c--a-w- c:\windows\system32\ctdcifce.dll
2011-05-01 14:15 . 2011-05-01 14:15 12800 -c--a-w- c:\windows\system32\ctmmep.dll
2011-05-01 14:15 . 2011-05-01 14:15 125952 -c--a-w- c:\windows\system32\sfms32.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\INRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c--a-w- c:\windows\system32\killapps.exe
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c--a-w- c:\windows\system32\ctdcres.dll
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c----w- c:\windows\CTDCRES.DLL
2011-05-01 14:15 . 2008-06-27 17:27 11776 -c--a-w- c:\windows\system32\inres.dll
2011-05-01 14:15 . 2011-05-01 14:15 8704 -c----w- c:\windows\system32\ctagent.dll
2011-05-01 14:15 . 2011-05-01 14:15 809496 -c--a-w- c:\windows\system32\OALInst.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\eaxac3.dll
2011-05-01 14:15 . 2011-05-01 14:15 600217 -c--a-w- c:\windows\system32\UDAAIM32.exe
2011-05-01 14:15 . 2011-05-01 14:15 56832 -c--a-w- c:\windows\system32\CTpcmcia.dll
2011-05-01 14:15 . 2011-05-01 14:15 508928 -c--a-w- c:\windows\system32\UDAAPO32.dll
2011-05-01 14:15 . 2011-05-01 14:15 46592 -c--a-w- c:\windows\system32\ctasio.dll
2011-05-01 14:15 . 2011-05-01 14:15 38400 -c--a-w- c:\windows\system32\readreg.exe
2011-05-01 14:15 . 2011-05-01 14:15 227840 -c----w- c:\windows\system32\ctdc0000.dll
2011-05-01 14:15 . 2011-05-01 14:15 19456 -c----w- c:\windows\system32\CtHelper.exe
2011-05-01 14:15 . 2011-05-01 14:15 176128 -c--a-w- c:\windows\system32\ct_oal.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\system32\ac3api.dll
2011-05-01 14:15 . 2011-05-01 14:15 43520 -c--a-w- c:\windows\system32\CTBurst.dll
2011-05-01 14:15 . 2011-05-01 14:15 196096 -c--a-w- c:\windows\system32\ctemupia.dll
2011-05-01 14:15 . 2011-05-01 14:15 10752 -c--a-w- c:\windows\system32\a3d.dll
2011-05-01 14:15 . 2008-05-23 16:18 16534496 -c--a-w- c:\windows\system32\AppSetup.exe
2011-05-01 14:15 . 2006-12-05 14:52 48400 -c--a-w- c:\windows\system32\AddCat.exe
2011-05-01 14:13 . 2011-05-01 14:13 56960 -c--a-w- c:\windows\system32\drivers\ousb2hub.sys
2011-05-01 14:13 . 2011-05-01 14:13 45696 -c--a-w- c:\windows\system32\drivers\ousbehci.sys
2008-09-09 22:38 . 2008-06-01 12:40 3351552 -c--a-w- c:\program files\VersionTracker_Pro_Windows_4_0.msi
2008-09-09 22:38 . 2008-06-01 12:40 107505240 -c--a-w- c:\program files\TrueImage10.0_s_en.exe
2008-09-09 22:38 . 2008-06-01 12:39 107505240 -c--a-w- c:\program files\TrueImage10.0.4942_s_en.exe
2008-09-09 22:35 . 2008-06-01 12:39 1069935 -c--a-w- c:\program files\RegCure_Setup_15_RW.exe
2008-09-09 22:30 . 2008-06-01 12:39 15452536 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-09 22:29 . 2008-06-01 12:39 881488 -c--a-w- c:\program files\Google Updater.exe
2008-09-09 22:05 . 2008-06-01 12:39 23405072 -c--a-w- c:\program files\AdbeRdr811_en_US.exe
2008-03-09 07:25 . 2010-01-16 09:14 236 -c--a-w- c:\program files\Common Files\dx.reg
2002-01-14 17:30 . 2002-01-14 17:30 21823560 -c--a-w- c:\program files\dotnetfx.exe
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( [email protected]_21.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 08:07 . 2011-07-03 08:07 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2011-07-03 08:07 . 2011-07-03 08:07 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2003-03-31 12:00 . 2011-07-03 08:12 99306 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-07-02 20:46 99306 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2011-07-03 08:12 512666 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2011-07-02 20:46 512666 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
2011-01-17 14:54 175912 ------w- c:\program files\Elf_1\prxtbElf2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-25 22:03 3911776 -c----w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 -c--a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 -c--a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2011-01-25 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{22E03916-85C5-44B0-8DC9-1830C11238D9}"= "c:\program files\Elf_1\prxtbElf2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2011-01-25 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 68856]
"Consumer Input Update"="c:\program files\Consumer Input\dca-ua.exe" [2011-03-03 175800]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2011-01-27 67448]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2011-01-21 67960]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-20 669936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2011-05-01 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2008-9-2 3067979]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-11-23 4657424]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-6 805392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\o:\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^MagicDisc.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-01-21 02:04 377248 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-01-21 02:05 960560 -c--a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 08:56 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-09-06 08:42 143360 -c--a-w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 11:03 868352 -c--a-w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2008-09-09 22:32 1289000 -c----w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 13:13 2363392 -c----w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-09-09 22:32 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
2008-02-21 16:19 613792 -c----w- c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2001-07-03 00:30 122880 -c--a-w- c:\program files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2008-09-09 22:36 1687552 -c----w- c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-09 22:26 163840 -c--a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2008-09-09 22:29 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
2001-07-26 00:00 118784 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
2001-06-29 00:00 163840 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 -c----w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-01-21 01:59 4359600 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:ActiveSync
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [14/09/2008 12:09 18432]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [11/01/2009 15:25 38448]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [22/09/2010 17:05 20352]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [13/09/2008 15:16 13440]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [01/05/2011 15:13 45696]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\WebView\WebView-Reporting.exe [23/02/2009 13:20 102400]
R2 WebView-Update-Service;WebView-Update-Service;c:\program files\WebView\WebView-Updater.exe [23/02/2009 13:20 176128]
R2 WebViewLSPService;WebViewLSPService;c:\program files\WebViewLSPService\WebViewLSPService.exe [14/06/2010 11:59 3043328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [13/09/2008 15:17 215168]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [13/09/2008 15:15 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [13/09/2008 15:16 321280]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [13/09/2008 15:15 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [13/09/2008 15:15 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [13/09/2008 15:15 17920]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [01/05/2011 15:13 56960]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [16/02/2009 19:16 31616]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [16/02/2009 19:12 227488]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [16/02/2009 19:12 7424]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [22/09/2010 17:36 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [22/09/2010 17:38 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [22/09/2010 17:39 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [22/09/2010 17:40 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [22/09/2010 17:41 25704]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [02/01/2011 10:43 30312]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [01/05/2011 15:19 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DM9USB;DM9000 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [03/04/2009 16:51 54272]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [22/09/2008 11:20 43520]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/04/2009 20:16 36608]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [20/11/2009 19:31 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [20/11/2009 19:31 26368]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [21/06/2009 07:49 434176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [02/01/2011 10:43 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [02/01/2011 10:43 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [02/01/2011 10:43 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [02/01/2011 10:43 98152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 -c----w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 -c--a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 21:08]
.
2011-06-18 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2011-06-30 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-06-30 12:41]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 05:48]
.
2011-06-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]
.
2011-07-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2011-06-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2010-10-06 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
2010-10-07 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\WebViewLSPService.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{252E42F4-0A33-427C-B197-6409321B09B1}: DhcpNameServer = 192.168.2.1
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - c:\program files\ICQ\IExplorerMime.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 09:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM3500320AS rev.MX15 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8BDD031B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-03 09:44:47
ComboFix-quarantined-files.txt 2011-07-03 08:44
ComboFix2.txt 2011-07-02 21:19
.
Pre-Run: 113,922,011,136 bytes free
Post-Run: 113,997,393,920 bytes free
.
Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B5220D7D7E2A06FA2DBF44BC743C00DA
And this is the OTL file; there doesn't seem to be an extra file.

OTL logfile created on: 03/07/2011 10:09:14 - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.87% Memory free
7.85 Gb Paging File | 7.10 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.89 Gb Free Space | 22.95% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/06/20 22:08:01 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/01 15:15:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2011/04/05 18:28:17 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/03 20:31:28 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Consumer Input\dca-ua.exe
PRC - [2011/01/27 08:57:52 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/01/24 17:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2011/01/21 15:43:56 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
PRC - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 11:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2008/09/02 18:04:16 | 003,067,979 | ---- | M] () -- C:\Program Files\Shrink Pic\shrink_pic.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/02/21 17:19:30 | 000,613,792 | ---- | M] (Philips Consumer Electronics) -- C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2011/05/01 15:15:44 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/09/02 16:59:12 | 000,143,441 | ---- | M] () -- C:\Program Files\Shrink Pic\shrinkpici.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]tom.com:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/03 10:04:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 10:04:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 08:46:09 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/02 20:49:04 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/06/30 16:17:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/30 16:10:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/30 16:10:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/30 16:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/30 16:10:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/30 16:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:00:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 15:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/24 09:04:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe

========== Files - Modified Within 30 Days ==========

[2011/07/03 10:10:55 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 10:10:55 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 10:06:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 10:06:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/07/03 10:06:26 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 10:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:04:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/03 10:04:18 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 09:58:00 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/03 09:53:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 08:46:09 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/03 08:20:36 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/07/02 20:49:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/07/02 20:03:02 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:19:27 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 16:17:37 | 000,000,513 | RHS- | M] () -- C:\boot.ini
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:58 | 000,123,823 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 15:00:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/24 15:00:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/24 09:38:31 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:28:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/24 08:38:36 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/23 17:21:44 | 002,666,306 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/07/03 08:20:36 | 000,092,296 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/02 20:03:02 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:08:40 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/01 08:11:21 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/06/30 16:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/30 16:10:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/30 16:10:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/30 16:10:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/30 16:10:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/30 16:10:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:57 | 000,123,823 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 09:38:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:05:10 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/06/24 09:05:02 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/06/24 09:04:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/06/24 09:04:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/06/24 09:04:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/06/24 09:04:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/06/24 08:24:46 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:24:37 | 002,666,306 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/07/03 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/07/03 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/07/03 10:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2011/06/03 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/07/01 09:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/07/03 10:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



< End of report >

Thank you for your help

#7
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
    [2011/07/02 20:03:02 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
    [2011/07/02 20:00:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
    [2011/07/02 19:59:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
    [2011/07/02 20:03:02 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
    [2011/07/02 20:00:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
    [2011/07/02 19:59:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
    [2011/07/01 09:08:40 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
    [2011/07/01 08:11:21 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
    [2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp

    :Services

    :Reg

    :Files
    C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry select Use SafeList
  • Click the Run Scan button. Post the two logs, OTL.txt and Extras.txt, it produces in your next reply.


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)
If you can't zip it, just upload it as is at MediaFire
  • 0
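
The `:OTL` fix in the post above removes a hijacked executable-association handler (the O35/O37 entries) and the files dropped around it. As an added example, not part of the original post and not OTL's own logic, the Python below applies three assumed triage heuristics to log lines in the format shown in this thread; the sample mixes lines copied from the thread with one constructed clean line.

```python
import re

# Stock Windows value of the exefile (and comfile) shell\open\command.
DEFAULT_OPEN_CMD = '"%1" %*'

# Association lines as they appear in this thread:
#   O35 - HKLM\..exefile [open] -- <command>
#   O37 - HKLM\...exe [@ = exefile] -- <command>
ASSOC_RE = re.compile(r'^O3[57] - (?P<key>\S+) \[[^\]]*\] -- (?P<cmd>.+)$')

# File listing lines: [date time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" field.
FILE_RE = re.compile(
    r'^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| (?P<size>[\d,]+) \| '
    r'(?P<attr>[-A-Z]{4}) \| [CM]\] (?:\(.*?\) )?-- (?P<path>.+)$')

# Assumed heuristic: an executable extension hidden in front of ".exe".
DOUBLE_EXT_RE = re.compile(r'\.(?:com|exe|scr|bat|pif|cmd)\.exe$', re.IGNORECASE)


def review_line(line):
    """Return (subject, reasons) for a recognised line, or None if unrecognised."""
    line = line.strip()
    m = ASSOC_RE.match(line)
    if m:
        cmd = m.group('cmd').strip()
        reasons = []
        if cmd != DEFAULT_OPEN_CMD:
            # Every launched .exe would be routed through this command first.
            reasons.append('open command is not the default: ' + cmd)
        return m.group('key'), reasons

    m = FILE_RE.match(line)
    if m:
        size = int(m.group('size').replace(',', ''))
        attr = m.group('attr')
        path = m.group('path')
        is_dir = 'D' in attr
        reasons = []
        if not is_dir and size == 0 and path.lower().endswith('.exe'):
            reasons.append('zero-byte .exe')
        if not is_dir and 'H' in attr and 'S' in attr:
            reasons.append('hidden+system file')
        if not is_dir and DOUBLE_EXT_RE.search(path):
            reasons.append('double executable extension')
        return path, reasons
    return None


def review(log_text):
    """Return [(subject, reasons)] for every recognised line with findings."""
    findings = []
    for line in log_text.splitlines():
        result = review_line(line)
        if result and result[1]:
            findings.append(result)
    return findings


# Sample input: lines taken from this thread, except the comfile line,
# which is constructed to show a clean association entry.
SAMPLE = r'''
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
[2011/07/02 20:03:02 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/01 09:08:40 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
'''

if __name__ == '__main__':
    for subject, reasons in review(SAMPLE):
        print(subject)
        for reason in reasons:
            print('    ' + reason)
```

The heuristics only rank lines for a human to look at; a match is not proof of infection, and a clean result does not clear the machine.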

#8
merlejane

    Member

  • Topic Starter
  • 10 posts
Hi

Here are the logs you requested, and thank you again for all your help

OTL logfile created on: 03/07/2011 10:09:14 - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.87% Memory free
7.85 Gb Paging File | 7.10 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.89 Gb Free Space | 22.95% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/06/20 22:08:01 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/01 15:15:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2011/04/05 18:28:17 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/03 20:31:28 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Consumer Input\dca-ua.exe
PRC - [2011/01/27 08:57:52 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/01/24 17:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2011/01/21 15:43:56 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
PRC - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 11:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2008/09/02 18:04:16 | 003,067,979 | ---- | M] () -- C:\Program Files\Shrink Pic\shrink_pic.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/02/21 17:19:30 | 000,613,792 | ---- | M] (Philips Consumer Electronics) -- C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2011/05/01 15:15:44 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/09/02 16:59:12 | 000,143,441 | ---- | M] () -- C:\Program Files\Shrink Pic\shrinkpici.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/03 10:04:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\hvw.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 10:04:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 08:46:09 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/02 20:49:04 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/06/30 16:17:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/30 16:10:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/30 16:10:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/30 16:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/30 16:10:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/30 16:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:00:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 15:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/24 09:04:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe

========== Files - Modified Within 30 Days ==========

[2011/07/03 10:10:55 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 10:10:55 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 10:06:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 10:06:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/07/03 10:06:26 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 10:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:05:05 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 10:04:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/03 10:04:18 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 09:58:00 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/03 09:53:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 08:46:09 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/03 08:20:36 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/02 21:01:24 | 000,010,756 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/07/02 20:49:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/07/02 20:03:02 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:19:27 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/07/01 07:50:43 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 16:17:37 | 000,000,513 | RHS- | M] () -- C:\boot.ini
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:58 | 000,123,823 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 15:00:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/24 15:00:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/24 09:38:31 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:28:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/24 08:38:36 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/23 17:21:44 | 002,666,306 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/07/03 08:20:36 | 000,092,296 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/02 20:03:02 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\winlogin.com.exe
[2011/07/02 20:00:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\we8td2oqe.exe
[2011/07/02 19:59:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\qdfbu77hm1.exe
[2011/07/01 09:08:40 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\1nb850ycrl48wf78og
[2011/07/01 08:11:21 | 000,010,756 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1nb850ycrl48wf78og
[2011/06/30 16:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/30 16:10:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/30 16:10:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/30 16:10:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/30 16:10:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/30 16:10:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:57 | 000,123,823 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 09:38:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:05:10 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/06/24 09:05:02 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/06/24 09:04:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/06/24 09:04:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/06/24 09:04:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/06/24 09:04:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/06/24 08:24:46 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:24:37 | 002,666,306 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/07/03 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/07/03 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/07/03 10:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2011/06/03 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/07/01 09:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/02/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\tmp
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/07/03 10:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/06/23 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/07/03 10:06:26 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 03/07/2011 16:13:33 - Run 3
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.22% Memory free
7.85 Gb Paging File | 6.98 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.96 Gb Free Space | 22.96% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerMail] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"990:TCP" = 990:TCP:*:Enabled:ActiveSync
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" = C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent -- (Philips Consumer Electronics)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{102745C4-5956-4B71-8D4A-8581A0497607}" = AV Album Art Fixer for MCE and WMP
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{17D6BCE2-757A-4A68-A5CD-032E557E1978}" = LightScribe Diagnostic Utility
"{17DBFAE6-7259-4046-8FEF-C0C817A04069}" = DECdry Free Grids for Word 2003
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{49CE65E4-9EE2-4F29-8768-58DD1E45D09C}" = HP Photo and Imaging 2.1 - Scanjet 36X0 Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{569C24E9-1D28-4738-99EF-6BEC75DC5F6A}" = Creative ZEN Vision W
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = WebView
"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 8.5 Special Edition
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64A32253-A906-4AEB-B6A7-A90512B68D87}" = VersionTracker Pro Windows
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BBBF697-2642-4C52-99F6-7EFAB32EEC49}" = PlexTools Professional LE V3.13
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816F3830-67AE-4C8C-B7F5-E9E6E3FA6650}_is1" = Berg Player 8,0 & FlashPack 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85548764-32DC-43ED-BAA5-5386FDB2500A}" = LightScribe Template Designs - Urban Pack 1
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C01EAD00-7A41-4045-9FB7-07813BA1EDAE}" = Samsung PC Studio 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C41DABFE-49B1-4B24-9DF0-6DF70B485737}" = Mega Manager
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9197623-93E7-4664-9476-24834FA74FD7}" = LightScribe Public Windows SDK
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DE72186D-A4A5-4504-839C-B14FC3432DA1}" = LightScribe Template Designs - Fantasy Pack 1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEFD47F3-3122-4A9C-8FFA-199F624378C6}" = Presto! Digital Converter 1.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7D689BA-E7DE-4727-9F8D-936B6C30A53A}" = Rapidshare Auto Downloader 3.6.2
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"0BCA6D24013166B380927D270B90FF6D447A4AAA" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5)
"3ivx MPEG-4 5.0.2 Plus Decoder" = 3ivx MPEG-4 5.0.2 Plus Decoder (remove only)
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"ACT!" = ACT!
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.6.0)
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.20
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS TV Recorder_is1" = AVS TV Recorder 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS Video to Flash_is1" = AVS Video to Flash
"AVS VideotoGO_is1" = AVS Video to GO
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU DV to DVD_is1" = AVS DV to DVD 1.2
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video ReMaker_is1" = AVS Video ReMaker 2.4
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"BullGuard" = BullGuard 6.0
"CloneDVD2" = CloneDVD2
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"conduitEngine" = Conduit Engine
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Optia User's Guide English" = Creative Live! Cam Optia User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative PlayCenter 2.0" = Creative PlayCenter
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0270" = Creative Live! Cam Optia Driver (1.03.01.0000)
"Cross Stitch Explorer_is1" = Cross Stitch Explorer version 1.0
"Cross Stitch Professional Platinum_is1" = Cross Stitch Professional Platinum Videos
"DBWScript" = DBWScript 2.5
"DC++" = DC++ 0.7091
"Demand Five Player_is1" = Demand Five Player
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Setup.divx.com" = DivX Setup
"Duplicate File Cleaner_is1" = Duplicate File Cleaner v2.5
"Duplicate Finder_is1" = Duplicate Finder
"DVD X Player Professional 3.0_is1" = DVD X Player Professional V3.0
"Easy Video Capture_is1" = Easy Video Capture 1.30
"EAX Goldmine" = EAX Goldmine
"Elf_1 Toolbar" = Elf 1 Toolbar
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"ExpressBurn" = Express Burn Disc Burning Software
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"FreeZip" = FreeZip
"GetRight_is1" = GetRight
"Graboid Video" = Graboid Video 2.01
"HaaliMkx" = Haali Media Splitter
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 840c series" = hp deskjet 840c series (Remove only)
"hp deskjet 840c series_Driver" = hp deskjet 840c series
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"imeshmediabartb" = MediaBar
"Karen's Directory Printer" = Karen's Directory Printer
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Matroska Pack" = Matroska Pack
"Media Player - Codec Pack" = Media Player Codec Pack 3.3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moleskinsoft Clone Remover 3.3_is1" = Moleskinsoft Clone Remover 3.3
"MovieXplayer" = MovieXplayer
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)
"Oozic Reactor" = Oozic Reactor
"Outlook Express Backup Restore_is1" = Outlook Express Backup Restore
"OUTLOOKR" = Microsoft Office Outlook 2007
"PerfectHome (Desktop Edition)_is1" = PerfectHome (Desktop Edition)
"PFPortChecker" = PFPortChecker 1.0.28
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"Portrait Professional 8 Trial_is1" = Portrait Professional 8.1 Trial
"Prism" = Prism Video Converter
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"RapidShare Manager" = RapidShare Manager
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"RegCure" = RegCure 1.5.0.0
"RM Files Converter_is1" = RM Files Converter 2.2
"Score Software" = Score Software
"Shrink Pic" = Shrink Pic (remove)
"Sound Blaster Audigy" = Sound Blaster Audigy
"SoundFont Showcase" = SoundFont Showcase
"SoundMaven_is1" = SoundMaven 0.8 beta
"ST6UNST #1" = Tec-Tracker
"stax-Pinnacle_is1" = SureThing Express Labeler
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SuperNZB_is1" = SuperNZB v3.2.1
"Sure Cuts A Lot_is1" = Sure Cuts A Lot 1.016
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"TeamViewer 6" = TeamViewer 6
"TeraCopy_is1" = TeraCopy 2.12
":spam: DVD to DPG Converter_is1" = :spam: DVD to DPG Converter
"TomTom HOME" = TomTom HOME 2.7.3.1894
"ToolBox" = NCH Toolbox
"TuneClone_is1" = TuneClone 1.40
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Consumer Input Software" = Consumer Input Software (remove only)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/07/2011 05:29:23 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX.TXT> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 05:29:23 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX.TXT> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 05:30:12 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 05:31:48 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\QOOBOX\BACKENV> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 06:55:49 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 08:06:46 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 11:05:06 | Computer Name = MERLES-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 03/07/2011 11:05:06 | Computer Name = MERLES-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 03/07/2011 11:05:09 | Computer Name = MERLES-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 03/07/2011 11:05:09 | Computer Name = MERLES-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

[ OSession Events ]
Error - 03/06/2010 08:42:44 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 17:47:58 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30131
seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/05/2011 03:45:57 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 340207
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 27/05/2011 17:07:55 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 452623
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 13/06/2011 06:35:58 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 409335
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/07/2011 11:07:43 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:07:58 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/07/2011 11:07:58 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/07/2011 11:08:31 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:08:32 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:08:43 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:09:18 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 03/07/2011 11:11:35 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 03/07/2011 11:11:44 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 03/07/2011 11:11:46 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).


< End of report >
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-03 16:59:35
-----------------------------
16:59:35.250 OS Version: Windows 5.1.2600 Service Pack 2
16:59:35.250 Number of processors: 4 586 0xF0B
16:59:35.250 ComputerName: MERLES-PC UserName:
17:00:17.062 Initialize success
17:00:47.843 AVAST engine download error: 0
17:01:34.796 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:01:34.796 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 3
17:01:34.796 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:01:34.796 Disk 1 Vendor: MAXTOR_STM3500320AS MX15 Size: 476940MB BusType: 3
17:01:34.796 Device \Driver\atapi -> DriverStartIo 8bdb131b
17:01:36.796 Disk 1 MBR read successfully
17:01:36.796 Disk 1 MBR scan
17:01:36.796 Disk 1 TDL4@MBR code has been found
17:01:36.796 Disk 1 Windows XP default MBR code found via API
17:01:36.796 Disk 1 MBR hidden
17:01:36.796 Disk 1 MBR [TDL4] **ROOTKIT**
17:01:36.796 Disk 1 trace - called modules:
17:01:36.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8bdb14d0]<<
17:01:36.796 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8be238e0]
17:01:36.796 3 CLASSPNP.SYS[f766805b] -> nt!IofCallDriver -> \Device\00000092[0x8bda39e8]
17:01:36.796 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8bdf9d98]
17:01:36.796 \Driver\atapi[0x8be19978] -> IRP_MJ_CREATE -> 0x8bdb14d0
17:01:36.796 Scan finished successfully
17:02:17.687 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.dat"
17:02:17.687 The log file has been saved successfully to "C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   561bytes   24 downloads


#9
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Re-run aswMBR

Click Scan

On completion of the scan

Click the Fix button

Save the log as before and post it in your next reply

Next:

Please re-run ComboFix and post the log here

Also open OTL, press the Quick Scan button and post the log here too

Next:

Uninstall the following programs:

Uniblue RegistryBooster
Conduit Engine
Elf 1 Toolbar
MediaBar
RegCure 1.5.0.0

When you finish, please tell me how your computer is working and if there are any other problems

#10
merlejane

    Member

  • Topic Starter
  • 10 posts
Hi
I had a bit of trouble with aswMBR: on the fix bit it froze everything, so after waiting an hour to see if it unfroze I restarted and all was well. I reran it and I include the logs. There is just one more thing that bothers me: Adaware is behaving oddly. It keeps saying I should restart my computer to finalize install of adaware live. EVERY time I restart my computer it says that, which is odd, don't you think? I've tried to delete it but I can't.

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-03 20:16:17
-----------------------------
20:16:17.937 OS Version: Windows 5.1.2600 Service Pack 2
20:16:17.937 Number of processors: 4 586 0xF0B
20:16:17.937 ComputerName: MERLES-PC UserName:
20:16:30.375 Initialize success
20:22:02.171 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:22:02.171 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 3
20:22:02.187 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
20:22:02.187 Disk 1 Vendor: MAXTOR_STM3500320AS MX15 Size: 476940MB BusType: 3
20:22:04.250 Disk 1 MBR read successfully
20:22:04.250 Disk 1 MBR scan
20:22:04.250 Disk 1 Windows XP default MBR code
20:22:06.281 Disk 1 scanning sectors +976752000
20:22:06.328 Disk 1 scanning C:\WINDOWS\system32\drivers
20:22:43.265 Service scanning
20:22:44.859 Disk 1 trace - called modules:
20:22:44.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:22:44.890 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8be32ab8]
20:22:44.890 3 CLASSPNP.SYS[f766805b] -> nt!IofCallDriver -> \Device\00000092[0x8be379e8]
20:22:44.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8bd9e940]
20:22:44.890 Scan finished successfully
20:23:29.875 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.dat"
20:23:29.875 The log file has been saved successfully to "C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR2.txt"


ComboFix 11-07-02.03 - Merlr Morgan-Oxford 03/07/2011 20:28:15.5.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1252 [GMT 1:00]
Running from: c:\documents and settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 12:01 . 2003-09-12 15:08 11914 -c--a-w- c:\windows\system32\drivers\wg3n.sys
2011-07-03 12:01 . 2003-09-12 15:08 55888 -c--a-w- c:\windows\system32\drivers\Teefer.sys
2011-07-03 12:01 . 2003-09-12 15:08 18515 -c--a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2011-06-30 14:50 . 2011-06-30 14:50 -------- dc----w- C:\_OTL
2011-06-30 09:49 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\Software Inspection Library
2011-06-25 10:47 . 2011-06-25 10:47 -------- d-----w- c:\documents and settings\Merlr Morgan-Oxford\Application Data\TeamViewer
2011-06-25 10:46 . 2011-06-25 10:46 -------- d-----w- c:\program files\TeamViewer
2011-06-24 15:08 . 2011-06-30 09:49 -------- d-----w- c:\documents and settings\Administrator.MERLES-PC\Application Data\BullGuard
2011-06-24 08:05 . 2004-08-04 07:56 4255 ----a-w- c:\windows\system32\drivers\adv01nt5.dll
2011-06-24 08:04 . 2010-02-16 13:19 2181376 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp
2011-06-22 12:57 . 2011-06-22 12:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe
2011-06-20 15:38 . 2011-06-20 15:38 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation
2011-06-20 12:43 . 2011-06-20 12:43 -------- dc----w- c:\windows\system32\wbem\Repository
2011-06-20 12:41 . 2011-06-20 12:41 -------- d-----w- c:\program files\LightScribe Diagnostic Utility
2011-06-20 09:43 . 2011-06-20 09:43 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\IECompatCache
2011-06-20 08:58 . 2011-06-20 08:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 16:30 . 2011-05-19 14:52 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 07:44 . 2006-06-07 15:29 37160 -c----w- c:\windows\system32\drivers\btport.sys
2011-05-04 03:52 . 2010-05-09 07:20 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25 . 2008-09-14 12:11 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-05-01 16:16 . 2011-05-01 16:16 67568 -c--a-w- c:\windows\system32\drivers\usbhub20.sys
2011-05-01 16:13 . 2006-06-07 21:06 533152 -c----w- c:\windows\system32\drivers\btaudio.sys
2011-05-01 16:13 . 2006-06-07 15:33 991264 -c----w- c:\windows\system32\drivers\btkrnl.sys
2011-05-01 15:58 . 2008-09-13 14:16 321280 -c----w- c:\windows\system32\drivers\hcw88tse.sys
2011-05-01 15:58 . 2008-09-13 14:16 134144 -c--a-w- c:\windows\system32\drivers\hcw88prx.ax
2011-05-01 15:58 . 2008-09-13 14:16 13440 -c--a-w- c:\windows\system32\drivers\hcw88aud.sys
2011-05-01 15:57 . 2008-12-06 19:01 96256 -c--a-w- c:\windows\system32\hcwcp.ax
2011-05-01 15:57 . 2008-12-06 19:01 139264 -c--a-w- c:\windows\system32\hcwecppp.ax
2011-05-01 15:57 . 2008-09-13 14:15 40960 -c----w- c:\windows\system32\hcwxds.dll
2011-05-01 15:57 . 2008-09-13 14:15 396672 -c----w- c:\windows\system32\drivers\hcw88vid.sys
2011-05-01 15:57 . 2008-09-13 14:17 215168 -c----w- c:\windows\system32\drivers\hcw88bda.sys
2011-05-01 15:57 . 2008-09-13 14:15 9539 -c--a-w- c:\windows\system32\drivers\hcw88r9x.sys
2011-05-01 15:57 . 2008-09-13 14:15 77056 -c----w- c:\windows\system32\drivers\hcw88tun.sys
2011-05-01 15:57 . 2008-09-13 14:15 17920 -c----w- c:\windows\system32\drivers\hcw88bar.sys
2011-05-01 15:57 . 2008-09-13 14:15 12288 -c----w- c:\windows\system32\drivers\hcw88rc5.sys
2011-05-01 14:17 . 2008-09-13 12:55 444952 -c--a-w- c:\windows\system32\wrap_oal.dll
2011-05-01 14:17 . 2001-07-11 10:51 109080 -c--a-w- c:\windows\system32\OpenAL32.dll
2011-05-01 14:15 . 2011-05-01 14:15 92696 -c--a-w- c:\windows\system32\drivers\emupia2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 798744 -c----w- c:\windows\system32\drivers\ha10kx2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 189464 -c----w- c:\windows\system32\drivers\haP17v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 162840 -c----w- c:\windows\system32\drivers\haP16v2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 157208 -c--a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 566296 -c----w- c:\windows\system32\drivers\CTSBLFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 555032 -c----w- c:\windows\system32\drivers\CTAUDFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 528408 -c--a-w- c:\windows\system32\drivers\ctaud2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 511000 -c----w- c:\windows\system32\drivers\ctac32k.sys
2011-05-01 14:15 . 2011-05-01 14:15 347080 -c--a-w- c:\windows\system32\drivers\ctdvda2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 18840 -c--a-w- c:\windows\system32\drivers\CTGAME.SYS
2011-05-01 14:15 . 2011-05-01 14:15 14360 -c--a-w- c:\windows\system32\drivers\ctprxy2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 1396120 -c--a-w- c:\windows\system32\drivers\CTMMFILT.SYS
2011-05-01 14:15 . 2011-05-01 14:15 127512 -c--a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-05-01 14:15 . 2011-05-01 14:15 100888 -c----w- c:\windows\system32\drivers\CTERFXFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 99352 -c----w- c:\windows\system32\drivers\COMMONFX.sys
2011-05-01 14:15 . 2011-05-01 14:15 15896 -c--a-w- c:\windows\system32\drivers\pfmodnt.sys
2011-05-01 14:15 . 2011-05-01 14:15 1366424 -c--a-w- c:\windows\system32\drivers\CT0531FL.SYS
2011-05-01 14:15 . 2011-05-01 14:15 121856 -c--a-w- c:\windows\system32\ctsfinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 182272 -c--a-w- c:\windows\system32\ctdvinst.dll
2011-05-01 14:15 . 2006-08-11 14:57 86528 -c--a-w- c:\windows\system32\ctcoinst.dll
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\system32\ctpres.dll
2011-05-01 14:15 . 2011-05-01 14:15 9216 -c--a-w- c:\windows\CTPRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 87712 -c--a-w- c:\windows\system32\ctpxst32.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\ctmmactl.dll
2011-05-01 14:15 . 2011-05-01 14:15 69632 -c--a-w- c:\windows\system32\ctosuser.dll
2011-05-01 14:15 . 2011-05-01 14:15 64512 -c----w- c:\windows\system32\piaproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 6144 -c--a-w- c:\windows\system32\sfman32.dll
2011-05-01 14:15 . 2011-05-01 14:15 5120 -c--a-w- c:\windows\system32\enlocstr.exe
2011-05-01 14:15 . 2011-05-01 14:15 49152 -c----w- c:\windows\system32\ctdproxy.dll
2011-05-01 14:15 . 2011-05-01 14:15 47104 -c--a-w- c:\windows\system32\udapld32.dll
2011-05-01 14:15 . 2011-05-01 14:15 45568 -c--a-w- c:\windows\system32\ctspkhlp.dll
2011-05-01 14:15 . 2011-05-01 14:15 41472 -c--a-w- c:\windows\system32\ctscal.dll
2011-05-01 14:15 . 2011-05-01 14:15 37888 -c--a-w- c:\windows\system32\psconv.exe
2011-05-01 14:15 . 2011-05-01 14:15 33792 -c--a-w- c:\windows\system32\devreg.dll
2011-05-01 14:15 . 2011-05-01 14:15 330752 -c----w- c:\windows\system32\ctdc0001.dll
2011-05-01 14:15 . 2011-05-01 14:15 32768 -c--a-w- c:\windows\system32\ctthxcal.dll
2011-05-01 14:15 . 2011-05-01 14:15 13312 -c--a-w- c:\windows\system32\regplib.exe
2011-05-01 14:15 . 2011-05-01 14:15 131072 -c--a-w- c:\windows\system32\ctdcifce.dll
2011-05-01 14:15 . 2011-05-01 14:15 12800 -c--a-w- c:\windows\system32\ctmmep.dll
2011-05-01 14:15 . 2011-05-01 14:15 125952 -c--a-w- c:\windows\system32\sfms32.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\INRES.DLL
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c--a-w- c:\windows\system32\ctdcres.dll
2011-05-01 14:15 . 2011-05-01 14:15 10240 -c----w- c:\windows\CTDCRES.DLL
2011-05-01 14:15 . 2008-06-27 17:27 11776 -c--a-w- c:\windows\system32\inres.dll
2011-05-01 14:15 . 2011-05-01 14:15 8704 -c----w- c:\windows\system32\ctagent.dll
2011-05-01 14:15 . 2011-05-01 14:15 809496 -c--a-w- c:\windows\system32\OALInst.exe
2011-05-01 14:15 . 2011-05-01 14:15 77824 -c--a-w- c:\windows\system32\eaxac3.dll
2011-05-01 14:15 . 2011-05-01 14:15 600217 -c--a-w- c:\windows\system32\UDAAIM32.exe
2011-05-01 14:15 . 2011-05-01 14:15 56832 -c--a-w- c:\windows\system32\CTpcmcia.dll
2011-05-01 14:15 . 2011-05-01 14:15 508928 -c--a-w- c:\windows\system32\UDAAPO32.dll
2011-05-01 14:15 . 2011-05-01 14:15 46592 -c--a-w- c:\windows\system32\ctasio.dll
2011-05-01 14:15 . 2011-05-01 14:15 38400 -c--a-w- c:\windows\system32\readreg.exe
2011-05-01 14:15 . 2011-05-01 14:15 227840 -c----w- c:\windows\system32\ctdc0000.dll
2011-05-01 14:15 . 2011-05-01 14:15 19456 -c----w- c:\windows\system32\CtHelper.exe
2011-05-01 14:15 . 2011-05-01 14:15 176128 -c--a-w- c:\windows\system32\ct_oal.dll
2011-05-01 14:15 . 2011-05-01 14:15 11776 -c--a-w- c:\windows\system32\ac3api.dll
2011-05-01 14:15 . 2011-05-01 14:15 43520 -c--a-w- c:\windows\system32\CTBurst.dll
2011-05-01 14:15 . 2011-05-01 14:15 196096 -c--a-w- c:\windows\system32\ctemupia.dll
2011-05-01 14:15 . 2011-05-01 14:15 10752 -c--a-w- c:\windows\system32\a3d.dll
2011-05-01 14:15 . 2008-05-23 16:18 16534496 -c--a-w- c:\windows\system32\AppSetup.exe
2011-05-01 14:15 . 2006-12-05 14:52 48400 -c--a-w- c:\windows\system32\AddCat.exe
2011-05-01 14:13 . 2011-05-01 14:13 56960 -c--a-w- c:\windows\system32\drivers\ousb2hub.sys
2011-05-01 14:13 . 2011-05-01 14:13 45696 -c--a-w- c:\windows\system32\drivers\ousbehci.sys
2008-09-09 22:38 . 2008-06-01 12:40 3351552 -c--a-w- c:\program files\VersionTracker_Pro_Windows_4_0.msi
2008-09-09 22:38 . 2008-06-01 12:40 107505240 -c--a-w- c:\program files\TrueImage10.0_s_en.exe
2008-09-09 22:38 . 2008-06-01 12:39 107505240 -c--a-w- c:\program files\TrueImage10.0.4942_s_en.exe
2008-09-09 22:35 . 2008-06-01 12:39 1069935 -c--a-w- c:\program files\RegCure_Setup_15_RW.exe
2008-09-09 22:30 . 2008-06-01 12:39 15452536 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-09 22:29 . 2008-06-01 12:39 881488 -c--a-w- c:\program files\Google Updater.exe
2008-09-09 22:05 . 2008-06-01 12:39 23405072 -c--a-w- c:\program files\AdbeRdr811_en_US.exe
2008-03-09 07:25 . 2010-01-16 09:14 236 -c--a-w- c:\program files\Common Files\dx.reg
2002-01-14 17:30 . 2002-01-14 17:30 21823560 -c--a-w- c:\program files\dotnetfx.exe
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( [email protected]_21.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 19:54 . 2011-07-03 19:54 16384 c:\windows\Temp\Perflib_Perfdata_e6c.dat
+ 2011-07-03 19:55 . 2011-07-03 19:55 16384 c:\windows\Temp\Perflib_Perfdata_324.dat
+ 2011-07-03 19:53 . 2011-07-03 19:53 16384 c:\windows\Temp\Perflib_Perfdata_2e8.dat
+ 2003-03-31 12:00 . 2011-07-03 19:20 99306 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-07-02 20:46 99306 c:\windows\system32\perfc009.dat
+ 2005-08-03 11:58 . 2005-08-03 11:58 53248 c:\windows\system32\lccl.dll
+ 2005-08-31 06:58 . 2005-08-31 06:58 53248 c:\windows\system32\client_cc.dll
- 2003-03-31 12:00 . 2011-07-02 20:46 512666 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2011-07-03 19:20 512666 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 -c--a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 -c--a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 68856]
"Consumer Input Update"="c:\program files\Consumer Input\dca-ua.exe" [2011-03-03 175800]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2011-01-27 67448]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2011-01-21 67960]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\bullguard.exe" [2005-09-19 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2011-05-01 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2008-9-2 3067979]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-11-23 4657424]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-6 805392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\o:\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^MagicDisc.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Merlr Morgan-Oxford^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-01-21 02:04 377248 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-01-21 02:05 960560 -c--a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 08:56 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
2006-09-06 08:42 143360 -c--a-w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 11:03 868352 -c--a-w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2008-09-09 22:32 1289000 -c----w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 13:13 2363392 -c----w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-09-09 22:32 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
2008-02-21 16:19 613792 -c----w- c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2001-07-03 00:30 122880 -c--a-w- c:\program files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2008-09-09 22:36 1687552 -c----w- c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-09 22:26 163840 -c--a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2008-09-09 22:29 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
2001-07-26 00:00 118784 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
2001-06-29 00:00 163840 -c--a-w- c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 -c----w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-01-21 01:59 4359600 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:ActiveSync
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [14/09/2008 12:09 18432]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [11/01/2009 15:25 38448]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [22/09/2010 17:05 20352]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [13/09/2008 15:16 13440]
R2 BsFileSpy;BullGuard File Monitoring Service;c:\windows\System32\svchost.exe -k bg5 [31/03/2003 13:00 14336]
R2 BsFirewall;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k bg5 [31/03/2003 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k bg5 [31/03/2003 13:00 14336]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [01/05/2011 15:13 45696]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\WebView\WebView-Reporting.exe [23/02/2009 13:20 102400]
R2 WebView-Update-Service;WebView-Update-Service;c:\program files\WebView\WebView-Updater.exe [23/02/2009 13:20 176128]
R2 WebViewLSPService;WebViewLSPService;c:\program files\WebViewLSPService\WebViewLSPService.exe [14/06/2010 11:59 3043328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [13/09/2008 15:17 215168]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [13/09/2008 15:15 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [13/09/2008 15:16 321280]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [13/09/2008 15:15 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [13/09/2008 15:15 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [13/09/2008 15:15 17920]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [01/05/2011 15:13 56960]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [16/02/2009 19:16 31616]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [16/02/2009 19:12 227488]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [16/02/2009 19:12 7424]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [22/09/2010 17:36 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [22/09/2010 17:38 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [22/09/2010 17:39 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [22/09/2010 17:40 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [22/09/2010 17:41 25704]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [02/01/2011 10:43 30312]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [01/05/2011 15:15 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [01/05/2011 15:19 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [01/05/2011 15:15 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [01/05/2011 15:15 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [01/05/2011 15:15 566296]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DM9USB;DM9000 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [03/04/2009 16:51 54272]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [22/09/2008 11:20 43520]
S3 FileSpy5;BullGuard File Monitor;c:\program files\BullGuard Software\BullGuard\filespy5.sys [11/09/2008 17:59 19536]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/04/2009 20:16 36608]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [20/11/2009 19:31 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [20/11/2009 19:31 26368]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [21/06/2009 07:49 434176]
S3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Software\BullGuard\reconn.sys [11/09/2008 17:59 12240]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [02/01/2011 10:43 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [02/01/2011 10:43 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [02/01/2011 10:43 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [02/01/2011 10:43 98152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bg5 REG_MULTI_SZ BGMainSvc BsFileSpy BsMailProxy BsFirewall
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 -c----w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 -c--a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 21:08]
.
2011-06-18 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2011-06-30 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-06-30 12:41]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 05:48]
.
2011-07-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]
.
2011-07-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2011-06-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
2010-10-06 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
2010-10-07 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-12 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\WebViewLSPService.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{252E42F4-0A33-427C-B197-6409321B09B1}: DhcpNameServer = 192.168.2.1
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - c:\program files\ICQ\IExplorerMime.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 20:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5168)
c:\windows\system32\WININET.dll
c:\program files\Shrink Pic\shrinkpici.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\dfshim.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\BullGuard Software\BullGuard\BullGuardUpdate.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Uniblue\PowerSuite\powersuite.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\program files\Java\jre6\bin\javaws.exe
c:\program files\Java\jre6\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2011-07-03 21:02:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 20:02
ComboFix2.txt 2011-07-03 08:44
ComboFix3.txt 2011-07-02 21:19
.
Pre-Run: 114,708,750,336 bytes free
Post-Run: 114,755,506,176 bytes free
.
Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 2D27669BDD1A79154599D48A07808719

OTL logfile created on: 03/07/2011 21:09:53 - Run 4
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.48% Memory free
7.85 Gb Paging File | 7.19 Gb Available in Paging File | 91.62% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.91 Gb Free Space | 22.95% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/06/20 22:08:01 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/05 18:28:17 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/03 20:31:28 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Consumer Input\dca-ua.exe
PRC - [2011/01/27 08:57:52 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/01/24 17:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2011/01/21 15:43:56 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
PRC - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 11:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/11 17:59:43 | 000,561,152 | ---- | M] (BullGuard Software) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
PRC - [2008/09/09 23:29:53 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2008/09/02 18:04:16 | 003,067,979 | ---- | M] () -- C:\Program Files\Shrink Pic\shrink_pic.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/09/02 16:59:12 | 000,143,441 | ---- | M] () -- C:\Program Files\Shrink Pic\shrinkpici.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/20 22:07:55 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/11 18:00:08 | 000,058,960 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2008/09/11 17:59:47 | 000,038,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Software\BullGuard\BsFileSpy.dll -- (BsFileSpy)
SRV - [2008/09/11 17:59:43 | 000,561,152 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc)
SRV - [2008/09/11 17:58:42 | 000,045,056 | ---- | M] (BullGuard, Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Software\BullGuard\BsMain.dll -- (BGMainSvc)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/09/19 12:53:31 | 000,098,304 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Program Files\BullGuard Software\BullGuard\BsFirewall.dll -- (BsFirewall)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/09/11 17:59:52 | 000,012,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Software\BullGuard\reconn.sys -- (Reconn)
DRV - [2008/09/11 17:59:48 | 000,019,536 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Software\BullGuard\filespy5.sys -- (FileSpy5)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/09/12 16:08:06 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2003/09/12 16:08:02 | 000,018,515 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2003/09/12 16:08:00 | 000,055,888 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/03 20:53:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 16:57:56 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR.exe
[2011/07/03 13:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\BullGuard
[2011/07/03 13:01:35 | 000,011,914 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2011/07/03 13:01:34 | 000,055,888 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2011/07/03 13:01:33 | 000,018,515 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2011/07/03 08:46:09 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/02 20:49:04 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/06/30 16:17:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/30 16:10:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/30 16:10:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/30 16:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/30 16:10:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/30 16:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:00:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 15:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/24 09:04:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe

========== Files - Modified Within 30 Days ==========

[2011/07/03 20:58:10 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 20:58:10 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 20:54:11 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/07/03 20:54:11 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/07/03 20:53:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 20:53:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 20:53:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 20:53:28 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/07/03 20:53:28 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 20:53:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 20:52:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 20:52:05 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 20:52:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 20:52:05 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 20:52:05 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/03 20:23:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.dat
[2011/07/03 18:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/03 17:05:34 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.zip
[2011/07/03 16:57:54 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR.exe
[2011/07/03 16:35:33 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/03 16:05:02 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/03 13:01:39 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BullGuard.lnk
[2011/07/03 12:19:44 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/03 08:46:09 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/02 20:49:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\dds.scr
[2011/07/01 09:19:27 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 16:17:37 | 000,000,513 | RHS- | M] () -- C:\boot.ini
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:58 | 000,123,823 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 15:00:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/24 15:00:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/24 09:38:31 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:28:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/24 08:38:36 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:21:44 | 002,666,306 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/07/03 17:05:34 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.zip
[2011/07/03 17:02:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\MBR.dat
[2011/07/03 13:01:39 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BullGuard.lnk
[2011/07/03 08:20:36 | 000,092,296 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/06/30 16:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/30 16:10:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/30 16:10:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/30 16:10:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/30 16:10:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/30 16:10:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/30 13:07:58 | 000,608,373 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Unbootable system tutorial - Geeks to Go Forums.mht
[2011/06/30 13:06:57 | 000,123,823 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\How to Set BIOS to Boot from CDROM - www_hiren_info.mht
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 09:38:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/24 09:05:10 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/06/24 09:05:02 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/06/24 09:04:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/06/24 09:04:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/06/24 09:04:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/06/24 09:04:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/06/24 08:24:46 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ad-Aware90Install.msi
[2011/06/23 17:24:37 | 002,666,306 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Quick Scan#20110623172143000000000.bglog
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/07/03 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/07/03 21:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/07/03 20:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2011/06/03 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/07/03 16:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/07/03 21:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/06/20 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/18 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/07/03 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/07/03 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/07/03 20:53:28 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/06/16 03:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 03/07/2011 16:13:33 - Run 3
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.22% Memory free
7.85 Gb Paging File | 6.98 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.96 Gb Free Space | 22.96% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1019.43 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerMail] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"990:TCP" = 990:TCP:*:Enabled:ActiveSync
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" = C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent -- (Philips Consumer Electronics)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{102745C4-5956-4B71-8D4A-8581A0497607}" = AV Album Art Fixer for MCE and WMP
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{17D6BCE2-757A-4A68-A5CD-032E557E1978}" = LightScribe Diagnostic Utility
"{17DBFAE6-7259-4046-8FEF-C0C817A04069}" = DECdry Free Grids for Word 2003
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{49CE65E4-9EE2-4F29-8768-58DD1E45D09C}" = HP Photo and Imaging 2.1 - Scanjet 36X0 Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{569C24E9-1D28-4738-99EF-6BEC75DC5F6A}" = Creative ZEN Vision W
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = WebView
"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 8.5 Special Edition
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64A32253-A906-4AEB-B6A7-A90512B68D87}" = VersionTracker Pro Windows
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BBBF697-2642-4C52-99F6-7EFAB32EEC49}" = PlexTools Professional LE V3.13
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816F3830-67AE-4C8C-B7F5-E9E6E3FA6650}_is1" = Berg Player 8,0 & FlashPack 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85548764-32DC-43ED-BAA5-5386FDB2500A}" = LightScribe Template Designs - Urban Pack 1
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C01EAD00-7A41-4045-9FB7-07813BA1EDAE}" = Samsung PC Studio 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C41DABFE-49B1-4B24-9DF0-6DF70B485737}" = Mega Manager
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9197623-93E7-4664-9476-24834FA74FD7}" = LightScribe Public Windows SDK
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DE72186D-A4A5-4504-839C-B14FC3432DA1}" = LightScribe Template Designs - Fantasy Pack 1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEFD47F3-3122-4A9C-8FFA-199F624378C6}" = Presto! Digital Converter 1.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7D689BA-E7DE-4727-9F8D-936B6C30A53A}" = Rapidshare Auto Downloader 3.6.2
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"0BCA6D24013166B380927D270B90FF6D447A4AAA" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5)
"3ivx MPEG-4 5.0.2 Plus Decoder" = 3ivx MPEG-4 5.0.2 Plus Decoder (remove only)
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"ACT!" = ACT!
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.6.0)
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.20
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS TV Recorder_is1" = AVS TV Recorder 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS Video to Flash_is1" = AVS Video to Flash
"AVS VideotoGO_is1" = AVS Video to GO
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU DV to DVD_is1" = AVS DV to DVD 1.2
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video ReMaker_is1" = AVS Video ReMaker 2.4
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"BullGuard" = BullGuard 6.0
"CloneDVD2" = CloneDVD2
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"conduitEngine" = Conduit Engine
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Optia User's Guide English" = Creative Live! Cam Optia User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative PlayCenter 2.0" = Creative PlayCenter
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0270" = Creative Live! Cam Optia Driver (1.03.01.0000)
"Cross Stitch Explorer_is1" = Cross Stitch Explorer version 1.0
"Cross Stitch Professional Platinum_is1" = Cross Stitch Professional Platinum Videos
"DBWScript" = DBWScript 2.5
"DC++" = DC++ 0.7091
"Demand Five Player_is1" = Demand Five Player
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Setup.divx.com" = DivX Setup
"Duplicate File Cleaner_is1" = Duplicate File Cleaner v2.5
"Duplicate Finder_is1" = Duplicate Finder
"DVD X Player Professional 3.0_is1" = DVD X Player Professional V3.0
"Easy Video Capture_is1" = Easy Video Capture 1.30
"EAX Goldmine" = EAX Goldmine
"Elf_1 Toolbar" = Elf 1 Toolbar
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"ExpressBurn" = Express Burn Disc Burning Software
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"FreeZip" = FreeZip
"GetRight_is1" = GetRight
"Graboid Video" = Graboid Video 2.01
"HaaliMkx" = Haali Media Splitter
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 840c series" = hp deskjet 840c series (Remove only)
"hp deskjet 840c series_Driver" = hp deskjet 840c series
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"imeshmediabartb" = MediaBar
"Karen's Directory Printer" = Karen's Directory Printer
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Matroska Pack" = Matroska Pack
"Media Player - Codec Pack" = Media Player Codec Pack 3.3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moleskinsoft Clone Remover 3.3_is1" = Moleskinsoft Clone Remover 3.3
"MovieXplayer" = MovieXplayer
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)
"Oozic Reactor" = Oozic Reactor
"Outlook Express Backup Restore_is1" = Outlook Express Backup Restore
"OUTLOOKR" = Microsoft Office Outlook 2007
"PerfectHome (Desktop Edition)_is1" = PerfectHome (Desktop Edition)
"PFPortChecker" = PFPortChecker 1.0.28
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"Portrait Professional 8 Trial_is1" = Portrait Professional 8.1 Trial
"Prism" = Prism Video Converter
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"RapidShare Manager" = RapidShare Manager
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"RegCure" = RegCure 1.5.0.0
"RM Files Converter_is1" = RM Files Converter 2.2
"Score Software" = Score Software
"Shrink Pic" = Shrink Pic (remove)
"Sound Blaster Audigy" = Sound Blaster Audigy
"SoundFont Showcase" = SoundFont Showcase
"SoundMaven_is1" = SoundMaven 0.8 beta
"ST6UNST #1" = Tec-Tracker
"stax-Pinnacle_is1" = SureThing Express Labeler
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SuperNZB_is1" = SuperNZB v3.2.1
"Sure Cuts A Lot_is1" = Sure Cuts A Lot 1.016
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"TeamViewer 6" = TeamViewer 6
"TeraCopy_is1" = TeraCopy 2.12
":spam: DVD to DPG Converter_is1" = :spam: DVD to DPG Converter
"TomTom HOME" = TomTom HOME 2.7.3.1894
"ToolBox" = NCH Toolbox
"TuneClone_is1" = TuneClone 1.40
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Consumer Input Software" = Consumer Input Software (remove only)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/07/2011 05:29:23 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX.TXT> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 05:29:23 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX.TXT> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 05:30:12 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 05:31:48 | Computer Name = MERLES-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\QOOBOX\BACKENV> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 03/07/2011 06:55:49 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 08:06:46 | Computer Name = MERLES-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 03/07/2011 11:05:06 | Computer Name = MERLES-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 03/07/2011 11:05:06 | Computer Name = MERLES-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 03/07/2011 11:05:09 | Computer Name = MERLES-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 03/07/2011 11:05:09 | Computer Name = MERLES-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

[ OSession Events ]
Error - 03/06/2010 08:42:44 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 17:47:58 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30131
seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/05/2011 03:45:57 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 340207
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 27/05/2011 17:07:55 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 452623
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 13/06/2011 06:35:58 | Computer Name = MERLES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 409335
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/07/2011 11:07:43 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:07:58 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/07/2011 11:07:58 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/07/2011 11:08:31 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:08:32 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:08:43 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WebViewLSPService
with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error - 03/07/2011 11:09:18 | Computer Name = MERLES-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 03/07/2011 11:11:35 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 03/07/2011 11:11:44 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 03/07/2011 11:11:46 | Computer Name = MERLES-PC | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).


< End of report >

I have removed the other programmes you mentioned. I can't thank you enough for all your help, you really are a star.

#11
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Your logs are looking good :)
Thank you for your kind words

I'm not sure about Adaware, as I don't use it, but you can try to re-install it.
However, I would suggest a different security plan, as your antivirus doesn't seem to be doing great and you have problems with AdAware. I'd suggest you uninstall both Adaware and BullGuard and install Microsoft Security Essentials as an active antivirus, and MBAM (look at the next step) to scan your computer from time to time to ensure that you're clean.


Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Next:

Perform a full scan of your computer with your antivirus and post the log here.



Next:

  • Open OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp\*.* /s
    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe\*.* /s
    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation\*.* /s

  • Click the Quick Scan button. Post the log it produces in your next reply.



Apart from the Adaware problem, are there any other issues?

#12
merlejane

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi

Thank you for your suggestions re BullGuard, but I have still got over a year on my subscription so I will stay with them for a while (I think it was something stupid I did in downloading something that caused it all; I should have known better!!). It took a while to get rid of Adaware. I think there was something odd about the version I had; I think it was a fake, but it's gone now, and a lesson learned!
Here are the logs you asked for, I hope they are OK. I think all's well now, and again I can't thank you enough; you and the site are amazing (BullGuard put me on to you).

OTL logfile created on: 05/07/2011 06:27:28 - Run 5
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\Merlr Morgan-Oxford\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.50% Memory free
7.85 Gb Paging File | 6.84 Gb Available in Paging File | 87.22% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 104.28 Gb Free Space | 22.39% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 775.05 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive O: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF

Computer Name: MERLES-PC | User Name: Merlr Morgan-Oxford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/01 15:15:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2011/03/03 20:31:28 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Consumer Input\dca-ua.exe
PRC - [2011/01/21 16:06:36 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2010/06/29 17:29:30 | 000,317,440 | ---- | M] () -- C:\Program Files\WebView\WebView-Process-Connector.exe
PRC - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
PRC - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 11:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
MOD - [2011/06/15 11:32:32 | 000,029,664 | ---- | M] (BullGuard Ltd.) -- c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll
MOD - [2011/05/23 15:55:36 | 000,100,184 | ---- | M] (BullGuard Ltd.) -- C:\WINDOWS\system32\BgGamingMonitor.dll
MOD - [2011/05/18 10:34:12 | 000,036,696 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll
MOD - [2011/05/01 15:15:44 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/06/15 11:19:38 | 000,337,240 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011/06/02 13:01:08 | 000,195,928 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2011/06/02 13:01:06 | 000,322,392 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011/06/02 13:01:06 | 000,288,088 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/18 10:34:14 | 000,125,784 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2011/05/18 10:34:06 | 000,320,344 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011/05/18 10:34:04 | 000,500,056 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2011/05/18 10:34:04 | 000,186,712 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011/05/18 10:34:04 | 000,067,928 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2011/05/01 15:19:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/14 11:59:26 | 003,043,328 | ---- | M] (nurago GmbH) [Auto | Running] -- C:\Program Files\WebViewLSPService\WebViewLSPService.exe -- (WebViewLSPService)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 13:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
SRV - [2009/02/23 13:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/21 11:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/09 23:36:05 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2008/09/09 23:26:41 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2008/09/09 23:26:41 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2008/09/09 23:26:40 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2008/09/09 23:26:39 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 11:32:36 | 000,789,448 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011/06/15 11:32:36 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011/06/15 11:32:32 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/06/15 11:32:32 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 11:32:32 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2011/06/15 11:32:32 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/12 08:44:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2011/05/01 17:13:55 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/05/01 17:13:29 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/05/01 16:58:35 | 000,321,280 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2011/05/01 16:58:19 | 000,013,440 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2011/05/01 16:57:57 | 000,215,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2011/05/01 16:57:57 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2011/05/01 15:15:50 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2011/05/01 15:15:50 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2011/05/01 15:15:50 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2011/05/01 15:15:50 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/01 15:15:50 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2011/05/01 15:15:49 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/01 15:15:49 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/01 15:15:49 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/01 15:15:49 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2011/05/01 15:15:49 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2011/05/01 15:15:49 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2011/05/01 15:15:48 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2011/05/01 15:13:42 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/05/01 15:13:42 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/12/31 22:24:14 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/08/27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/08/27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/08/27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/08/27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/08/27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/02 16:01:47 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/21 14:51:07 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/21 14:50:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/21 14:50:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/21 14:50:49 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/24 07:59:14 | 000,054,272 | ---- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2008/09/22 11:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/04 14:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optovcm.sys -- (optovcm)
DRV - [2008/04/04 14:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\optousb.sys -- (optousb)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/20 02:03:00 | 000,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/05/09 09:36:18 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/03/30 01:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 01:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 01:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/02/05 11:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/06/07 16:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WebView\ [2010/08/04 07:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 11:02:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\[email protected]\ [2011/07/04 18:24:37 | 000,000,000 | ---D | M]

[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions
[2009/05/28 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Mozilla\Extensions\[email protected]
[2009/12/11 17:42:54 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/03 20:53:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll ()
O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Startup\Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (nurago GmbH)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\WINDOWS\System32\WebViewLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandsc.../TNSClicker.CAB (TNSClicker.Clicker)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.5.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221301042406 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1221301033546 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O18 - Protocol\Filter\application/x-icq {db40c160-09a1-11d3-baf2-000000000000} - C:\Program Files\ICQ\IExplorerMime.dll ()
O20 - AppInit_DLLs: (c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll) - c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\WINDOWS\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 16:01:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\O:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 18:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Malwarebytes
[2011/07/04 18:45:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/04 18:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/04 18:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/04 18:45:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 18:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/04 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/04 18:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\logs from trouble
[2011/07/04 18:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\BullGuard
[2011/07/04 18:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2011/07/04 17:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Start Menu\Programs\Revo Uninstaller
[2011/07/04 17:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/07/04 15:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/04 14:44:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/07/04 08:36:04 | 000,000,000 | ---D | C] -- C:\sysdump
[2011/07/03 21:58:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 16:57:56 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR.exe
[2011/07/03 08:46:09 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/06/30 16:17:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/30 16:10:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/30 16:10:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/30 16:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/30 16:10:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/30 16:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:00:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 15:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/25 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/06/25 11:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TeamViewer 6
[2011/06/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/22 14:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/06/20 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility
[2011/06/15 11:32:36 | 000,789,448 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011/06/15 11:32:36 | 000,019,272 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011/06/15 11:32:32 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011/06/15 11:32:32 | 000,267,624 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/15 11:32:32 | 000,064,608 | ---- | C] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[2011/06/15 11:32:32 | 000,034,280 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/10 19:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Ebay purchases
[2011/05/01 15:15:37 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/03/03 21:20:52 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\log4cxx.dll
[2008/06/01 13:40:11 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0_s_en.exe
[2008/06/01 13:39:55 | 107,505,240 | ---- | C] (Acronis) -- C:\Program Files\TrueImage10.0.4942_s_en.exe
[2008/06/01 13:39:48 | 001,069,935 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCure_Setup_15_RW.exe
[2008/06/01 13:39:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/06/01 13:39:31 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[2002/01/14 18:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[246 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 06:23:00 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/05 06:22:20 | 002,237,758 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\My Computer#20110705052758000000002.bglog
[2011/07/05 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/07/05 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/04 20:39:53 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/04 20:39:53 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-343818398-682003330-1004.job
[2011/07/04 20:24:10 | 000,512,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/04 20:24:10 | 000,099,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/04 20:19:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 20:19:27 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 20:19:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 20:18:16 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/04 20:18:16 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/04 20:18:16 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/04 20:18:16 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/04 20:18:15 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-00511102}.rfx
[2011/07/04 20:17:52 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.CDF
[2011/07/04 20:17:52 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000006-00001102-00000004-00511102}.BAK
[2011/07/04 18:59:51 | 000,098,740 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\win7 report.mht
[2011/07/04 18:45:09 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 18:39:09 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/04 18:24:41 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BullGuard.lnk
[2011/07/04 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/04 17:12:12 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Revo Uninstaller.lnk
[2011/07/04 15:28:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/04 15:28:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/04 15:00:14 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/07/04 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/04 04:07:01 | 153,862,744 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuard Internet Security Install.exe
[2011/07/03 20:53:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 18:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 16:57:54 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\aswMBR.exe
[2011/07/03 12:19:44 | 000,092,296 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/07/03 08:46:09 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\ComboFix.exe
[2011/07/03 08:26:19 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\mbam-setup-1.51.0.1200new.exe
[2011/07/01 09:19:27 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 16:17:37 | 000,000,513 | RHS- | M] () -- C:\boot.ini
[2011/06/30 13:54:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\OTL.exe
[2011/06/30 13:41:56 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:46:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/24 14:53:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/23 16:59:10 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/22 13:54:15 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/21 22:35:45 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/06/20 14:56:44 | 000,112,548 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/20 13:47:45 | 000,475,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/18 14:29:20 | 000,029,038 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:47 | 000,018,925 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 06:50:50 | 000,019,457 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/15 11:32:36 | 000,789,448 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011/06/15 11:32:36 | 000,019,272 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011/06/15 11:32:32 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011/06/15 11:32:32 | 000,267,624 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/15 11:32:32 | 000,064,608 | ---- | M] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[2011/06/15 11:32:32 | 000,034,280 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/06 13:27:29 | 000,059,065 | ---- | M] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/06/06 11:01:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[246 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 06:22:40 | 002,237,758 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\My Computer#20110705052758000000002.bglog
[2011/07/04 18:59:51 | 000,098,740 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\win7 report.mht
[2011/07/04 18:45:09 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 18:39:09 | 000,001,899 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/04 18:24:41 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BullGuard.lnk
[2011/07/04 17:12:12 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Revo Uninstaller.lnk
[2011/07/04 14:44:34 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/07/04 14:44:28 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/07/04 14:44:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/07/04 14:44:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/07/04 14:44:09 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/07/04 14:44:08 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/07/04 08:46:21 | 000,006,309 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\bg-logs5.bat
[2011/07/03 22:18:38 | 153,862,744 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuard Internet Security Install.exe
[2011/07/03 08:20:36 | 000,092,296 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\BullGuardDownloader.exe
[2011/06/30 16:17:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/30 16:10:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/30 16:10:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/30 16:10:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/30 16:10:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/30 16:10:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 13:48:23 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/06/30 13:41:56 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/06/30 13:41:56 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Express Burn Disc Burning Software.lnk
[2011/06/25 11:46:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TeamViewer 6.lnk
[2011/06/23 16:59:10 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Shortcut to Local Disk (C).lnk
[2011/06/22 14:59:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/06/20 14:56:34 | 000,112,548 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Desktop\Thank You at SewAlong.mht
[2011/06/18 14:29:18 | 000,029,038 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The_Mentalist_S03E24_Strawberries_and_Cream_Part_2_HDTV_XviD_LOL_VTV_avi-[Fenopy.eu].torrent
[2011/06/18 14:27:41 | 000,018,925 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\The.Mentalist.S03E24.Strawberries.and.Cream.HDTV.XviD-2HD.torrent
[2011/06/18 07:26:58 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\11062555126C.jpg
[2011/06/10 19:58:48 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\vlc-1.1.10-win32.exe
[2011/06/06 13:27:25 | 000,059,065 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\My Documents\THE_WALKING_DEAD_SEASON_1_2010_1080p_BluRay_QEBS_AAC-FASM.6299677.TPB.torrent
[2011/06/06 11:03:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
[2011/05/01 15:15:47 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/05/01 15:15:47 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/01 15:15:47 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/05/01 15:15:47 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2011/05/01 15:15:47 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/05/01 15:15:46 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/05/01 15:15:46 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2011/05/01 15:15:46 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/05/01 15:15:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/05/01 15:15:45 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/05/01 15:15:45 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/05/01 15:15:45 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/05/01 15:15:45 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/05/01 15:15:45 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/05/01 15:15:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/05/01 15:15:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/09/22 17:35:56 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/08/13 12:07:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/08/07 11:36:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/06/22 08:12:11 | 000,000,186 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2010/06/21 19:19:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\XSP2003.INI
[2010/06/21 19:04:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\XSPROF.INI
[2010/06/14 11:59:26 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPService.ini
[2010/06/14 11:59:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\WebViewLSPServiceOff.ini
[2010/05/06 11:06:26 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/05/03 07:40:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/06 17:02:41 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/04/06 17:02:41 | 001,185,359 | ---- | C] () -- C:\WINDOWS\System32\unins001.exe
[2010/04/06 17:02:41 | 000,046,845 | ---- | C] () -- C:\WINDOWS\System32\unins001.dat
[2010/02/17 22:49:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/16 10:14:52 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/01/16 10:14:51 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2010/01/16 10:14:51 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/01/16 10:14:51 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/01/16 10:14:51 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2010/01/16 10:14:51 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/16 10:14:50 | 000,003,036 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/01/07 17:25:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\AVSMediaPlayer.m3u
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/02 09:51:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/06 18:12:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\setup_ldm.iss
[2009/09/11 12:40:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/09 10:04:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/23 07:20:45 | 000,101,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/02 20:16:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/04/02 20:16:28 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/03/21 14:35:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/18 16:19:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCORE.INI
[2009/02/26 04:11:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/16 19:18:06 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/02/16 19:16:12 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/15 17:58:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/11 15:25:07 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/11 15:25:07 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/11 15:25:07 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/01/02 12:30:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008/12/28 17:59:44 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 16:51:00 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 16:50:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 16:49:08 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 17:57:38 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/10 18:53:56 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Microsoft Excel 97-2003.ADR
[2008/12/09 19:57:26 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 14:37:04 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 14:34:42 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 13:53:40 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/06 20:00:27 | 001,466,969 | ---- | C] () -- C:\Program Files\88x_2_122_26109_WHQL.zip
[2008/12/06 08:43:56 | 000,029,561 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 08:43:35 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/12/06 08:42:57 | 000,000,628 | ---- | C] () -- C:\Program Files\WinTV Radio.lnk
[2008/12/06 08:42:46 | 000,000,650 | ---- | C] () -- C:\Program Files\WinTV2000.lnk
[2008/12/06 08:41:15 | 000,002,032 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/12/05 16:59:41 | 000,256,222 | ---- | C] () -- C:\Program Files\dotnetfx_cleanup_tool.zip
[2008/12/03 18:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/11/26 20:55:22 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 19:49:10 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/15 08:14:59 | 000,001,732 | ---- | C] () -- C:\Program Files\WinZip.lnk
[2008/10/12 16:10:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_image.Cache
[2008/10/12 16:10:28 | 000,577,592 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\rx_audio.Cache
[2008/09/19 06:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/15 18:22:08 | 000,000,287 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/09/14 18:42:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ICQAL.dll
[2008/09/14 18:42:54 | 000,126,704 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/09/14 18:42:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\icqsock.dll
[2008/09/14 18:42:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\icquiex.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\ICQMAPI.dll
[2008/09/14 18:42:54 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\icqcprt.dll
[2008/09/14 18:42:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/09/14 18:42:54 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\icqwcom.dll
[2008/09/14 18:42:54 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\icqwutl.dll
[2008/09/14 18:42:54 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\icqcutl.dll
[2008/09/14 18:42:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\ICQWSock16.dll
[2008/09/14 17:26:48 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 14:15:56 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 12:35:32 | 000,000,206 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2008/09/14 12:12:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/09/14 12:09:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\NSM4AEnc.dll
[2008/09/14 12:09:07 | 000,671,859 | ---- | C] () -- C:\WINDOWS\System32\NSEncore.dll
[2008/09/14 08:48:33 | 000,000,448 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/14 08:21:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\printhse.ini
[2008/09/14 08:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\country.ini
[2008/09/13 23:22:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2008/09/13 22:02:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\$_hpcst$.hpc
[2008/09/13 21:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2008/09/13 20:16:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 15:15:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/09/13 14:37:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LDLog.INI
[2008/09/13 14:36:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/13 14:28:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/09/13 14:05:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/13 14:04:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/09/13 14:04:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/09/13 14:04:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/13 14:04:42 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/13 13:25:15 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2008/09/13 13:25:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2008/09/13 13:17:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/13 13:02:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/13 13:02:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/13 11:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/13 11:39:20 | 000,475,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/13 11:08:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/13 11:04:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 23:36:57 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to setup.lnk
[2008/08/28 15:41:37 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/06/15 10:27:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/06/01 13:40:52 | 003,351,552 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_0.msi
[2008/06/01 13:39:37 | 000,881,488 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 16:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 16:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 16:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 16:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 16:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 16:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 16:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 16:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 16:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 16:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 16:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 16:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 16:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 16:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 05:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 05:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 05:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/22 04:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/06/28 19:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2003/03/31 13:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,512,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2003/03/31 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,099,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2003/03/31 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/03/31 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/21 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/07/05 06:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BullGuard
[2011/05/23 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\C2E
[2009/05/13 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2009/01/14 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DP Software
[2010/08/18 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz
[2009/09/26 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/05/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/02/24 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Entriq
[2010/04/24 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
[2011/07/05 06:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2011/06/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/01/14 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2008/09/13 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Philips
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/06/21 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio Plus
[2010/08/12 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
[2011/03/18 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2009/11/28 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sky
[2008/09/14 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/06/21 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Studio 12
[2010/09/22 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/09/22 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneClone
[2009/04/01 07:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/09/22 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param
[2011/05/01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
[2011/05/01 12:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/07/09 08:37:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/12/12 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/09/15 08:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/06/30 10:40:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/03/21 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Acronis
[2009/03/13 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Amazon
[2009/03/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Anthropics
[2009/08/30 13:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Broderbund
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\BullGuard
[2009/09/26 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\CBS Interactive
[2009/11/22 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\DriverCure
[2011/07/04 20:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\GetRight
[2010/12/17 15:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Graboid Inc
[2010/05/11 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Gygan
[2008/09/13 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\InterTrust
[2010/08/13 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Megaupload
[2010/08/12 17:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\NCH Swift Sound
[2010/09/04 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Neo-Modus.com
[2009/05/29 08:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\RapidGet
[2011/01/02 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Samsung
[2009/01/04 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Search Settings
[2011/06/02 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\shrink_pic
[2011/01/31 18:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Software Inspection Library
[2010/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SoundMaven
[2009/05/06 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\SuperNZB
[2009/01/11 15:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Systweak
[2011/06/25 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeamViewer
[2011/07/04 18:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TeraCopy
[2009/05/28 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\TomTom
[2011/05/01 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Uniblue
[2011/07/04 22:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\uTorrent
[2008/12/04 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\VersionTracker Pro
[2008/09/18 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Desktop Search
[2008/09/18 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\Windows Search
[2011/07/04 08:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/05 02:06:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/06/30 21:10:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/07/04 18:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/07/05 00:33:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/10/06 17:13:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/10/07 17:56:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp\*.* /s >

< c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe\*.* /s >
[2011/06/22 13:58:13 | 000,084,120 | ---- | M] () -- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe\Acrobat\10.0\UserCache.bin
[2011/06/22 13:58:12 | 000,000,960 | ---- | M] () -- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe\Color\ACECache11.lst

< c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation\*.* /s >
[2011/06/20 16:38:15 | 000,019,456 | ---- | M] () -- c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd_exe_1309551512.arl

< End of report >
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7021

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

04/07/2011 21:30:50
mbam-log-2011-07-04 (21-30-50).txt

Scan type: Quick scan
Objects scanned: 284947
Time elapsed: 48 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Sorry, the BullGuard log won't attach, but it only found cookies and it's cleaned them.
Thank you again, you do great work!!!!!

#13
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey

Happy to hear that you're clean finally :unsure:

Congratulations! Your logs are clean! :) Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (aawservice)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
    [246 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    :Services

    :Reg

    :Files
    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\NVIDIA Corporation
    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Adobe
    c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Temp
    c:\program files\iMeshMediabarTb
    C:\Documents and Settings\Merlr Morgan-Oxford\Application Data\iMeshMediabarTb

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL for the last time and hit the cleanup button. It will remove all the programs we have used plus itself.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.


Next:


Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.



Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • Javacool's SpywareBlaster: - It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.
    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)

    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there are any.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :yes:
  • 0

#14
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.