This topic is locked
Run the fix now and we should be able to work in normal mode
Killer-Virus on my computer! As soon as I get to my desktop it res
Started by
Pawanhammers
, Aug 13 2010 03:47 PM
#16
Posted 15 August 2010 - 05:51 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Run the fix now and we should be able to work in normal mode
#17
Posted 15 August 2010 - 06:22 AM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
I don't fully understand. Next post I shall post ComboFix, 1 OTL Fix Log, and 1 OTL Scan Log, what shall I put in the OTL Scan Log custom box.( in Normal mode ) Or shall I just click Run Scan, with those 2 boxes unticked.
#18
Posted 15 August 2010 - 06:25 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
For the new OTL log just run quick scan ( selecting all users )Next post I shall post ComboFix, 1 OTL Fix Log, and 1 OTL Scan Log
Otherwise the plan is good
#19
Posted 15 August 2010 - 01:08 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
A complicated situation here, indeed. Problems happening with ComboFix. Let me first show you the OTL logs.
Here is the OTL FIX Log
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dvxvxufc deleted successfully.
C:\WINDOWS\system32\drivers\dvxvxufc.sys moved successfully.
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A43B03B-D079-4C50-8D95-95DABBB7B2AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A43B03B-D079-4C50-8D95-95DABBB7B2AD}\ deleted successfully.
C:\WINDOWS\system32\epgap.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B882AC28-644E-40AD-B8EB-2BC21AF3F838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B882AC28-644E-40AD-B8EB-2BC21AF3F838}\ deleted successfully.
C:\WINDOWS\system32\ipgap.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bar deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\cwaxrnmeos.tmp moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
C:\WINDOWS\system32\vpgap.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pbvsyoin deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
File C:\WINDOWS\System32\ipgap.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmtapcvi deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22}\ not found.
C:\Documents and Settings\Administrator\Application Data\Idki\qoovr.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\pbvsyoin deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\secureapp70700.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Startup deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\system32.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\tmtapcvi deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Uroyoyiziyema deleted successfully.
C:\WINDOWS\weipsroc.dll moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
File C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe not found.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads\sta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915 folder moved successfully.
C:\WINDOWS\win32.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\lsass.exe moved successfully.
File C:\WINDOWS\System32\drivers\dvxvxufc.sys not found.
File C:\WINDOWS\win32.exe not found.
File C:\Documents and Settings\Administrator\Application Data\lsass.exe not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
File C:\WINDOWS\System32\drivers\dvxvxufc.sys not found.
Folder C:\Documents and Settings\Administrator\Application Data\Sky-Banners\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 45676831 bytes
->Temporary Internet Files folder emptied: 17143148 bytes
->Java cache emptied: 16960 bytes
->FireFox cache emptied: 110874846 bytes
->Google Chrome cache emptied: 118817464 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 66148 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 172214 bytes
->Flash cache emptied: 56504 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 577079 bytes
User: Pawan
->Temp folder emptied: 8141 bytes
->Temporary Internet Files folder emptied: 283966 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4551804 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 41940784 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
Total Files Cleaned = 325.00 mb
[EMPTYFLASH]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pawan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.40.0 log created on 08152010_171704
Here is the OTL Log in normal mode ( the one with no custom fixes ).
OTL logfile created on: 15/08/2010 13:29:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 1.83 Gb Free Space | 7.50% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.43 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/07/04 09:54:31 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/10 17:17:15 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/28 18:39:04 | 000,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2008/12/06 00:18:58 | 000,577,536 | ---- | M] (Hoo Technologies) -- C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
PRC - [2008/04/16 12:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/26 18:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/03/19 15:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/05/24 09:00:43 | 000,081,920 | ---- | M] (Gerber Technology, A Gerber Scientific Company) -- C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/03/22 05:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
========== Modules (SafeList) ==========
MOD - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/10 17:17:15 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/13 17:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/13 17:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
O1 HOSTS File: ([2010/08/15 22:17:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/08/15 22:17:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/15 13:28:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/08 23:15:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/05 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/08/05 16:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/08/05 16:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2010/08/05 16:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/08/05 16:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/02 10:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/29 09:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/16 20:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\U-TORRENT
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:22:46 | 000,000,000 | ---D | C] -- C:\acmkrbin
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\ads
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/27 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/05/27 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010/05/23 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CyberLink
[2010/05/23 11:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/23 11:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010/05/23 11:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/05/22 21:05:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/22 20:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CyberLink
[2010/05/22 20:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/05/22 20:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/05/22 20:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/22 19:52:45 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010/05/22 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010/05/22 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI MP4 Converter
[2010/05/22 12:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/05/19 18:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MAC
========== Files - Modified Within 90 Days ==========
[2010/08/15 22:18:23 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/15 22:17:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/15 17:24:16 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/15 17:23:49 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 17:23:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 17:23:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 17:23:29 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 16:07:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/14 15:44:21 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 18:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/13 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/08/13 01:32:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/13 01:31:19 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 22:30:56 | 1340,162,048 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 14:24:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 19:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 10:15:54 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/19 22:13:00 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/27 16:18:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/26 19:28:17 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:07 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:45:06 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:31:02 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\nsprs.dll
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/28 20:20:55 | 006,679,323 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\86.169.211.22_hfplg.com_Emissary.rar
[2010/05/18 21:00:48 | 000,000,048 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
========== Files Created - No Company Name ==========
[2010/08/15 17:23:29 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 19:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 13:42:44 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/10 17:42:16 | 1340,162,048 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/04 09:54:50 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:26:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:22:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/28 20:20:14 | 006,679,323 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\86.169.211.22_hfplg.com_Emissary.rar
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/08/05 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/13 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/08/13 22:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/02 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/06/27 16:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/13 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/05 16:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/05 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/24 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Nokia
[2010/07/02 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite
========== Purity Check ==========
< End of report >
Here is the OTL Extra log in normal mode.
OTL Extras logfile created on: 15/08/2010 13:29:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 1.83 Gb Free Space | 7.50% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.43 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\utorrent (1).exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\utorrent (1).exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\Administrator\Desktop\utorrent (1).exe" = C:\Documents and Settings\Administrator\Desktop\utorrent (1).exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe" = C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:*:Enabled:Nonoh -- File not found
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\IpSharkk\IpSharkk.exe" = C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EEAB819-BF2D-4F43-85DE-66B7D6FC2F56}" = 1-Click YouTubeAssistant
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44F337BB-514E-43AC-803B-7673B8C2267B}" = TMPGEnc 4.0 XPress Trial Version
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58395cd9-51fb-4c06-96fa-770c441a7168}" = Nero 9
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A96B905-B786-43DC-8C8C-5E52A5966E48}" = DokanLibrary
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97B9314B-134D-482B-A32E-1E6123BE0F64}" = Wireless-G Portable USB Adapter
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB1FC9F9-4B1F-46EC-BF56-25F599C3A947}" = MySQL Server 5.1
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Internet Security
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Blueline_is1" = Blueline 1.1.1
"CamStudio" = CamStudio
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CommView for WiFi" = CommView for WiFi
"Core FTP LE 2.1" = Core FTP LE 2.1
"Defraggler" = Defraggler
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"dvdSanta 4.00 - Create Your Own DVD Movies!_is1" = dvdSanta 4.00
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Free Studio_is1" = Free Studio version 4.8
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.3.4640
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"MSN Sniffer 2" = MSN Sniffer 2
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Net Meter" = Net Meter 3.6 build 437
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NoIPDUC" = No-IP DUC
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OKI LPR Utility" = OKI LPR Utility
"PFConfig" = PFConfig 1.0.275
"PFPortChecker" = PFPortChecker 1.0.32
"Pool Sharks" = Pool Sharks 2.1
"PowerISO" = PowerISO
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"PROSet" = Intel® PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RCLogon_is1" = RCLogon 2
"Simple Port Forwarding" = Simple Port Forwarding
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 5" = TeamViewer 5
"Tweak UI 2.10" = Tweak UI
"Ultra Mobile 3GP Video Converter_is1" = Ultra Mobile 3GP Video Converter 5.2.0603
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WampServer 2_is1" = WampServer 2.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"00355e5451b496b8" = Habbo Coin Generator
"Antimalware Doctor" = Antimalware Doctor
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/08/2010 17:41:08 | Computer Name = WIIWII | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2172
Error - 11/08/2010 17:41:08 | Computer Name = WIIWII | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2172
Error - 11/08/2010 20:00:44 | Computer Name = WIIWII | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/08/2010 22:30:31 | Computer Name = WIIWII | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module
photoshop.exe, version 12.0.0.0, fault address 0x017950b4.
Error - 12/08/2010 18:55:36 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/08/2010 18:55:39 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/08/2010 18:57:44 | Computer Name = WIIWII | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 code helper v1.1.exe, P2 1.0.0.0, P3 4bf55544,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 29b, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 13/08/2010 12:35:38 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 15/08/2010 08:26:51 | Computer Name = WIIWII | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 15/08/2010 08:26:52 | Computer Name = WIIWII | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 22/04/2010 15:30:39 | Computer Name = PAWAN-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
[ System Events ]
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswFW aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
SCDEmu
Tcpip
Error - 15/08/2010 11:06:58 | Computer Name = WIIWII | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 15/08/2010 11:07:25 | Computer Name = WIIWII | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 15/08/2010 12:23:59 | Computer Name = WIIWII | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 15/08/2010 12:23:59 | Computer Name = WIIWII | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 15/08/2010 12:24:20 | Computer Name = WIIWII | Source = Dhcp | ID = 1002
Description = The IP address lease 5.128.68.51 for the Network Card with network
address 0023C3804433 has been denied by the DHCP server 0.0.0.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Now here is my problem with ComboFix.
I started it, and yes I had the recovery console installed before, and it said Accept Terms and Conditions and stuff and I said yes, then it began, and it said... preparing for scan, Creating system checkpoint, it was like that for 20 minutes, I thought it shouldn't take 20 minutes for a program to make a checkpoint, so I force shutdowned the computer and an error came up after the DELL loading bar, it said something about Intel and network and corrupt and boot. Can't quite remember, if I get it i'll EDIT this post and give you it. So I countinued in to Windows, ignoring the error, and tried ComboFix again, this time it passed the preparation and it was at this part ' Starting auto-scan, normally 10 minutes, badly infected computers may take double that time'. And it was like that for an hour. Then I force shutdowned it again, the error came up and I countinued with XP and ran ComboFix this time the auto-scan progressed and I went out and left my computer on and I came back about 1 and a half hours later and it had a plain blue screen, with my mouse. So I forced shutdownned the computer, the error came up again, skipped the error, and ComboFix AUTOMATICALLY came up again, this time it said, Making LOG, don't run any programs, I went and came back 20 minutes later, still like that, so I force shutdownned it and here I am typing these words. I hope you can help with running ComboFix properly and that problem after booting i'll just restart my computer in a moment and edit the message to show you what the error was.
Here is the OTL FIX Log
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dvxvxufc deleted successfully.
C:\WINDOWS\system32\drivers\dvxvxufc.sys moved successfully.
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A43B03B-D079-4C50-8D95-95DABBB7B2AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A43B03B-D079-4C50-8D95-95DABBB7B2AD}\ deleted successfully.
C:\WINDOWS\system32\epgap.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B882AC28-644E-40AD-B8EB-2BC21AF3F838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B882AC28-644E-40AD-B8EB-2BC21AF3F838}\ deleted successfully.
C:\WINDOWS\system32\ipgap.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bar deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\cwaxrnmeos.tmp moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
C:\WINDOWS\system32\vpgap.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pbvsyoin deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
File C:\WINDOWS\System32\ipgap.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tmtapcvi deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22}\ not found.
C:\Documents and Settings\Administrator\Application Data\Idki\qoovr.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\pbvsyoin deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\secureapp70700.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Startup deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\system32.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\tmtapcvi deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Uroyoyiziyema deleted successfully.
C:\WINDOWS\weipsroc.dll moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
File C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe not found.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads\sta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915 folder moved successfully.
C:\WINDOWS\win32.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\lsass.exe moved successfully.
File C:\WINDOWS\System32\drivers\dvxvxufc.sys not found.
File C:\WINDOWS\win32.exe not found.
File C:\Documents and Settings\Administrator\Application Data\lsass.exe not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
File C:\WINDOWS\System32\drivers\dvxvxufc.sys not found.
Folder C:\Documents and Settings\Administrator\Application Data\Sky-Banners\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 45676831 bytes
->Temporary Internet Files folder emptied: 17143148 bytes
->Java cache emptied: 16960 bytes
->FireFox cache emptied: 110874846 bytes
->Google Chrome cache emptied: 118817464 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 66148 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 172214 bytes
->Flash cache emptied: 56504 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 577079 bytes
User: Pawan
->Temp folder emptied: 8141 bytes
->Temporary Internet Files folder emptied: 283966 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4551804 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 41940784 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
Total Files Cleaned = 325.00 mb
[EMPTYFLASH]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pawan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.40.0 log created on 08152010_171704
Here is the OTL Log in normal mode ( the one with no custom fixes ).
OTL logfile created on: 15/08/2010 13:29:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 1.83 Gb Free Space | 7.50% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.43 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/07/04 09:54:31 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/10 17:17:15 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/28 18:39:04 | 000,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2008/12/06 00:18:58 | 000,577,536 | ---- | M] (Hoo Technologies) -- C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
PRC - [2008/04/16 12:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/26 18:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/03/19 15:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/05/24 09:00:43 | 000,081,920 | ---- | M] (Gerber Technology, A Gerber Scientific Company) -- C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/03/22 05:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
========== Modules (SafeList) ==========
MOD - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/10 17:17:15 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/13 17:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/13 17:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
O1 HOSTS File: ([2010/08/15 22:17:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/08/15 22:17:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/15 13:28:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/08 23:15:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/05 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/08/05 16:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/08/05 16:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2010/08/05 16:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/08/05 16:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/02 10:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/29 09:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/16 20:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\U-TORRENT
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:22:46 | 000,000,000 | ---D | C] -- C:\acmkrbin
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\ads
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/27 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/05/27 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010/05/23 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CyberLink
[2010/05/23 11:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/23 11:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010/05/23 11:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/05/22 21:05:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/22 20:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CyberLink
[2010/05/22 20:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/05/22 20:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/05/22 20:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/22 19:52:45 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010/05/22 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010/05/22 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI MP4 Converter
[2010/05/22 12:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/05/19 18:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MAC
========== Files - Modified Within 90 Days ==========
[2010/08/15 22:18:23 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/15 22:17:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/15 17:24:16 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/15 17:23:49 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 17:23:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 17:23:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 17:23:29 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 16:07:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/14 15:44:21 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 18:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/13 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/08/13 01:32:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/13 01:31:19 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 22:30:56 | 1340,162,048 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 14:24:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 19:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 10:15:54 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/19 22:13:00 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/27 16:18:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/26 19:28:17 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:07 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:45:06 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:31:02 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\nsprs.dll
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/28 20:20:55 | 006,679,323 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\86.169.211.22_hfplg.com_Emissary.rar
[2010/05/18 21:00:48 | 000,000,048 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
========== Files Created - No Company Name ==========
[2010/08/15 17:23:29 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 19:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 13:42:44 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/10 17:42:16 | 1340,162,048 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/04 09:54:50 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:26:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:22:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/28 20:20:14 | 006,679,323 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\86.169.211.22_hfplg.com_Emissary.rar
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/08/05 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/13 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/08/13 22:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/02 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/06/27 16:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/13 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/05 16:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/05 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/24 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Nokia
[2010/07/02 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite
========== Purity Check ==========
< End of report >
Here is the OTL Extra log in normal mode.
OTL Extras logfile created on: 15/08/2010 13:29:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 1.83 Gb Free Space | 7.50% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.43 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\utorrent (1).exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\utorrent (1).exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\Administrator\Desktop\utorrent (1).exe" = C:\Documents and Settings\Administrator\Desktop\utorrent (1).exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe" = C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:*:Enabled:Nonoh -- File not found
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\IpSharkk\IpSharkk.exe" = C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EEAB819-BF2D-4F43-85DE-66B7D6FC2F56}" = 1-Click YouTubeAssistant
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44F337BB-514E-43AC-803B-7673B8C2267B}" = TMPGEnc 4.0 XPress Trial Version
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58395cd9-51fb-4c06-96fa-770c441a7168}" = Nero 9
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A96B905-B786-43DC-8C8C-5E52A5966E48}" = DokanLibrary
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97B9314B-134D-482B-A32E-1E6123BE0F64}" = Wireless-G Portable USB Adapter
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB1FC9F9-4B1F-46EC-BF56-25F599C3A947}" = MySQL Server 5.1
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Internet Security
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Blueline_is1" = Blueline 1.1.1
"CamStudio" = CamStudio
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CommView for WiFi" = CommView for WiFi
"Core FTP LE 2.1" = Core FTP LE 2.1
"Defraggler" = Defraggler
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"dvdSanta 4.00 - Create Your Own DVD Movies!_is1" = dvdSanta 4.00
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Free Studio_is1" = Free Studio version 4.8
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.3.4640
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"MSN Sniffer 2" = MSN Sniffer 2
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Net Meter" = Net Meter 3.6 build 437
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NoIPDUC" = No-IP DUC
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OKI LPR Utility" = OKI LPR Utility
"PFConfig" = PFConfig 1.0.275
"PFPortChecker" = PFPortChecker 1.0.32
"Pool Sharks" = Pool Sharks 2.1
"PowerISO" = PowerISO
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"PROSet" = Intel® PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RCLogon_is1" = RCLogon 2
"Simple Port Forwarding" = Simple Port Forwarding
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 5" = TeamViewer 5
"Tweak UI 2.10" = Tweak UI
"Ultra Mobile 3GP Video Converter_is1" = Ultra Mobile 3GP Video Converter 5.2.0603
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WampServer 2_is1" = WampServer 2.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"00355e5451b496b8" = Habbo Coin Generator
"Antimalware Doctor" = Antimalware Doctor
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/08/2010 17:41:08 | Computer Name = WIIWII | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2172
Error - 11/08/2010 17:41:08 | Computer Name = WIIWII | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2172
Error - 11/08/2010 20:00:44 | Computer Name = WIIWII | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/08/2010 22:30:31 | Computer Name = WIIWII | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module
photoshop.exe, version 12.0.0.0, fault address 0x017950b4.
Error - 12/08/2010 18:55:36 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/08/2010 18:55:39 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/08/2010 18:57:44 | Computer Name = WIIWII | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 code helper v1.1.exe, P2 1.0.0.0, P3 4bf55544,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 29b, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 13/08/2010 12:35:38 | Computer Name = WIIWII | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 15/08/2010 08:26:51 | Computer Name = WIIWII | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 15/08/2010 08:26:52 | Computer Name = WIIWII | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 22/04/2010 15:30:39 | Computer Name = PAWAN-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
[ System Events ]
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 15/08/2010 11:06:53 | Computer Name = WIIWII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswFW aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
SCDEmu
Tcpip
Error - 15/08/2010 11:06:58 | Computer Name = WIIWII | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 15/08/2010 11:07:25 | Computer Name = WIIWII | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 15/08/2010 12:23:59 | Computer Name = WIIWII | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 15/08/2010 12:23:59 | Computer Name = WIIWII | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 15/08/2010 12:24:20 | Computer Name = WIIWII | Source = Dhcp | ID = 1002
Description = The IP address lease 5.128.68.51 for the Network Card with network
address 0023C3804433 has been denied by the DHCP server 0.0.0.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Now here is my problem with ComboFix.
I started it, and yes I had the recovery console installed before, and it said Accept Terms and Conditions and stuff and I said yes, then it began, and it said... preparing for scan, Creating system checkpoint, it was like that for 20 minutes, I thought it shouldn't take 20 minutes for a program to make a checkpoint, so I force shutdowned the computer and an error came up after the DELL loading bar, it said something about Intel and network and corrupt and boot. Can't quite remember, if I get it i'll EDIT this post and give you it. So I countinued in to Windows, ignoring the error, and tried ComboFix again, this time it passed the preparation and it was at this part ' Starting auto-scan, normally 10 minutes, badly infected computers may take double that time'. And it was like that for an hour. Then I force shutdowned it again, the error came up and I countinued with XP and ran ComboFix this time the auto-scan progressed and I went out and left my computer on and I came back about 1 and a half hours later and it had a plain blue screen, with my mouse. So I forced shutdownned the computer, the error came up again, skipped the error, and ComboFix AUTOMATICALLY came up again, this time it said, Making LOG, don't run any programs, I went and came back 20 minutes later, still like that, so I force shutdownned it and here I am typing these words. I hope you can help with running ComboFix properly and that problem after booting i'll just restart my computer in a moment and edit the message to show you what the error was.
Edited by Pawanhammers, 15 August 2010 - 01:12 PM.
#20
Posted 15 August 2010 - 01:33 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Hmm there are no folders asociated with combofix on the log
Lets step down one gear and move back up slowly - on completion of this run let me know all the problems you are experiencing
Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Lets step down one gear and move back up slowly - on completion of this run let me know all the problems you are experiencing
Please download Malwarebytes' Anti-Malware from Here.Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#21
Posted 15 August 2010 - 01:39 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
Before I do that I done the OTL scan before ComboFix.
#22
Posted 15 August 2010 - 01:42 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Ah that would explain it - is there a log at C:\combofix.txt ?
Run MBAM anyway and see what that reports as there may be some clues there
Run MBAM anyway and see what that reports as there may be some clues there
#23
Posted 15 August 2010 - 02:25 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
MBAM Log here;
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
15/08/2010 21:21:42
mbam-log-2010-08-15 (21-21-42).txt
Scan type: Quick scan
Objects scanned: 128719
Time elapsed: 10 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Also the error message when booting is: Initializing Intel Boot Agent. The lan configurator is corrupted or has not been initialized, the boot agent cannot countinue.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
15/08/2010 21:21:42
mbam-log-2010-08-15 (21-21-42).txt
Scan type: Quick scan
Objects scanned: 128719
Time elapsed: 10 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Also the error message when booting is: Initializing Intel Boot Agent. The lan configurator is corrupted or has not been initialized, the boot agent cannot countinue.
#24
Posted 15 August 2010 - 02:31 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
What is the make of your computer as this appears to be a common error on Dell and HP
Also what other problems do you have outstanding ?
Also what other problems do you have outstanding ?
#25
Posted 15 August 2010 - 02:35 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
Im on Dell
But I think there is alot more viruses on my computer.
But I think there is alot more viruses on my computer.
#26
Posted 15 August 2010 - 02:44 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK delete your current copy of Combofix from your desktop and we will try a new copy. But I do need to know the current problems to determine my course of action
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#27
Posted 15 August 2010 - 02:48 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
Ok, and shall i delete C:\Combofix folder? and what if combofix dosen't work like last time.
#28
Posted 15 August 2010 - 03:00 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
No just the copy on your desktop
Dependant upon what happens here will determine my next step
Dependant upon what happens here will determine my next step
#29
Posted 15 August 2010 - 04:22 PM
Pawanhammers
- Topic Starter
-
- Member
-
- 248 posts
Member
Unfortunately, that dosen't work either. Possibly the virus is blocking ComboFix. It was at the Making log ( which is the last part ) for about an hour! So I just force shutdowned the computer. ComboFix fixed all the stuff, but was unable to produce a log. What shall I do now !!
Dependant upon what happens here will determine my next step
What shall I do now !!
#30
Posted 16 August 2010 - 03:09 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK lets try my bigger tool
Download avz4.zip from here
When restarted
Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
Download avz4.zip from here
- Unzip it to your desktop to a folder named avz4
- Double click on AVZ.exe to run it.
- Run an update by clicking the Auto Update button on the Right of the Log window:
- Click Start to begin the update
- Start AVZ.
- Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.
- Click on the “Execute selected scripts”.
- Automatic scanning, healing and system check will be executed.
- A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
- It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
- All applications will work properly after the system restart.
When restarted
- Start AVZ.
- Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis " check box.
- Click on the "Execute selected scripts".
- A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
