Killer-Virus on my computer! As soon as I get to my desktop it res


  • This topic is locked

#46
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
See if this will run on the infected system

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.


#47
Pawanhammers

    Member

  • Topic Starter
  • 248 posts
Done USB Infector, here's the OTS log.

OTL logfile created on: 8/21/2010 7:49:36 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 2.04 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 12.84 Gb Total Space | 10.96 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
Drive F: | 93.82 Gb Total Space | 90.27 Gb Free Space | 96.22% Space Free | Partition Type: FAT32
Drive G: | 20.65 Gb Total Space | 8.80 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [On_Demand] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 16:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 06:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 11:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 08:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 08:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 18:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 08:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 06:18:42 | 006,582,912 | ---- | M] () [On_Demand] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 06:34:32 | 000,020,992 | ---- | M] () [Auto] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 04:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2010/08/21 13:37:58 | 000,784,384 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\bsgbqnm.sys -- (bsgbqnm)
DRV - [2010/07/08 14:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 16:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 16:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 12:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 06:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 06:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 10:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 16:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 09:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/12/31 06:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 03:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 05:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 05:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 05:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 05:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 15:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 10:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 04:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 06:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 09:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002/09/16 12:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\Administrator_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\Pawan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\ [2010/08/20 17:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 14:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 14:02:34 | 000,000,000 | ---D | M]

[2010/05/09 09:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 09:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/20 17:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 12:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 16:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 14:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 04:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 16:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 16:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/20 17:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 08:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 18:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/15 14:18:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (adfaqpyxpr Object) - {72753B7E-42E3-4CEC-87C8-5376EE3B17C4} - C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (brumaqpyxgrm Object) - {98C29012-388F-4DCC-91E4-037249C94392} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Pawan_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL ()
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [cschcoyy] C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl\ywjmgamshdw.exe ()
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [uignvmct] C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm\yyelnfcshdw.exe ()
O4 - HKLM..\Run: [umvlrrdd] C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii\yoenyndshdw.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Vtahidetayo] C:\WINDOWS\ibiciqucihici.DLL (Sonic Solutions)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKLM..\Run: [wxemrsocan.tmp] C:\Documents and Settings\Administrator\Local Settings\temp\wxemrsocan.tmp ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22}] C:\Documents and Settings\Administrator\Application Data\Laba\omohk.exe (Sophos Plc)
O4 - HKU\Administrator_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Administrator_ON_C..\Run: [cschcoyy] C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl\ywjmgamshdw.exe ()
O4 - HKU\Administrator_ON_C..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\Administrator_ON_C..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\Administrator_ON_C..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKU\Administrator_ON_C..\Run: [newsecureapp70700.exe] C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe (MS)
O4 - HKU\Administrator_ON_C..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [uignvmct] C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm\yyelnfcshdw.exe ()
O4 - HKU\Administrator_ON_C..\Run: [umvlrrdd] C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii\yoenyndshdw.exe ()
O4 - HKU\Administrator_ON_C..\Run: [Uroyoyiziyema] C:\WINDOWS\weipsroc.DLL (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe (MS)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pawan_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Pawan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 05:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/21 17:02:06 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/21 12:02:05 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 17:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}
[2010/08/20 17:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/08/20 17:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
[2010/08/20 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
[2010/08/20 17:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl
[2010/08/20 17:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii
[2010/08/20 17:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm
[2010/08/20 17:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/08/20 17:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E
[2010/08/20 17:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 17:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 12:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 12:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/20 11:08:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 12:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 12:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 11:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 18:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\COD4
[2010/08/18 13:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 12:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 09:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 12:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 12:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 12:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 12:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 12:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 12:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 12:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 12:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 12:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 12:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 12:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 12:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 12:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 12:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 12:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 12:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 10:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 10:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 13:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 12:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 12:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 12:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 11:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/16 08:54:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 17:17:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/15 08:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 08:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 08:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/15 08:28:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/13 10:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 16:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 16:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Conduit
[2010/08/11 20:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/11 20:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\Apple Computer
[2010/08/11 20:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Apple Computer
[2010/08/11 14:05:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/11 14:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 14:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 13:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/11 10:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/11 10:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Scansoft
[2010/08/11 10:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\Adobe
[2010/08/11 10:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Adobe
[2010/08/11 10:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\TSVNCache
[2010/08/11 10:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\PC Suite
[2010/08/10 13:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 09:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 09:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 09:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 06:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 14:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 14:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 11:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 11:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/03 20:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/03 20:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 15:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 15:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 15:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 13:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 08:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 18:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 18:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 18:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 17:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 17:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/02 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 13:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 08:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 07:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 07:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 07:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 07:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 07:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 07:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 07:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 07:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 07:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 07:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 07:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 07:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 07:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 07:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 06:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 06:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 16:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 12:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 12:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 08:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 08:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/29 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Laba
[2010/07/29 04:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/07/25 06:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 06:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys

========== Files - Modified Within 30 Days ==========

[2010/08/21 19:48:30 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/21 13:38:00 | 000,299,008 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/21 13:37:58 | 000,784,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\bsgbqnm.sys
[2010/08/21 13:37:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 13:37:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/21 13:17:22 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 08:24:56 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/21 08:24:53 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 08:24:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/21 08:22:27 | 000,002,838 | ---- | M] () -- C:\WINDOWS\aguseveg.dll
[2010/08/20 18:01:31 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/08/20 17:48:32 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ptuqeve.dat
[2010/08/20 17:48:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bhawe.bin
[2010/08/20 17:48:05 | 000,001,253 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/20 17:48:05 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Antimalware Doctor.lnk
[2010/08/20 17:48:05 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/20 17:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/20 17:47:07 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/20 17:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 16:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 16:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 11:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 17:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 17:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 12:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 07:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 16:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 15:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/18 09:06:24 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Shenk's 2010 HabboUK Bruteforcer 2.0.0.exe
[2010/08/17 13:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 08:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 12:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 14:18:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 14:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/15 08:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 10:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 10:56:48 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2010/08/14 10:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/12 19:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 18:57:27 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2010/08/12 16:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 20:05:17 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Pawan\NTUSER.DAT
[2010/08/11 20:05:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pawan\ntuser.ini
[2010/08/11 13:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 08:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 07:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 07:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 07:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 06:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 12:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 09:24:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 08:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 08:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 08:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 14:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 13:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 11:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 07:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 12:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk

========== Files Created - No Company Name ==========

[2010/08/21 08:22:27 | 000,002,838 | ---- | C] () -- C:\WINDOWS\aguseveg.dll
[2010/08/20 17:48:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ptuqeve.dat
[2010/08/20 17:48:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bhawe.bin
[2010/08/20 17:48:05 | 000,001,253 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/20 17:48:05 | 000,001,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Antimalware Doctor.lnk
[2010/08/20 17:48:05 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/20 17:47:19 | 000,784,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\bsgbqnm.sys
[2010/08/20 17:46:59 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/20 16:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 11:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 13:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 07:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 16:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 09:04:25 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2010/08/18 09:04:23 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Shenk's 2010 HabboUK Bruteforcer 2.0.0.exe
[2010/08/17 13:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 12:46:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/17 12:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 12:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 12:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 12:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 12:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 12:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 12:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 12:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 09:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 12:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 10:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 10:56:47 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2010/08/12 19:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 16:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 13:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 09:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 12:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 11:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/03 19:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 14:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 13:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 13:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 13:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 12:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/09 15:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/02 06:13:38 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Pawan\ntuser.ini
[2010/07/02 06:13:35 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Pawan\NTUSER.DAT
[2010/07/02 06:13:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Pawan\NTUSER.DAT.LOG
[2010/07/01 03:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 16:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 16:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 11:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 17:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 14:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 14:28:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/21 05:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 07:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 07:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 07:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 07:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 07:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 07:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 07:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 07:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 07:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/06 09:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 09:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 09:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/05/22 14:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 09:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/16 08:59:43 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Administrator\Installer.log
[2010/05/03 10:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 17:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 16:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 12:41:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 06:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 05:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 05:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/12 05:39:34 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/12 05:39:33 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/04/12 05:39:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2010/04/12 05:39:09 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/12 05:39:09 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2010/04/12 05:39:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2010/04/12 05:39:02 | 000,299,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/12 05:39:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/11/05 18:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2009/02/17 13:11:30 | 000,024,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2008/12/31 06:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 15:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 02:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 02:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 13:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 18:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 14:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 04:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 09:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/08/19 12:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/07/20 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/03 21:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/20 18:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E
[2010/06/26 17:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 05:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 06:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/08/21 08:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Geaw
[2010/05/09 07:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 16:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 15:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 17:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 07:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/07/29 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laba
[2010/08/17 10:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/01 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 12:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 16:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 16:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 12:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/08/13 14:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/05/01 16:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 05:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/08/21 08:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/05/27 13:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/16 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/20 17:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
[2010/08/12 16:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/20 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
[2010/08/02 17:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/18 15:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 05:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 15:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/20 17:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/07/02 06:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 10:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/13 09:09:38 | 000,000,195 | ---- | M] () -- C:\AllClassEditor.txt
[2010/04/12 05:35:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/12 15:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/03 19:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/07/12 15:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/05/09 07:52:57 | 000,002,192 | ---- | M] () -- C:\dvdlog.txt
[2010/08/15 08:03:08 | 000,003,855 | ---- | M] () -- C:\fix.txt
[2010/04/30 17:28:06 | 000,000,510 | ---- | M] () -- C:\graph.txt
[2010/04/12 05:35:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/27 12:58:15 | 000,000,000 | ---- | M] () -- C:\ipaddresses.txt
[2010/06/19 07:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/08/15 16:09:42 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/08/17 13:56:03 | 000,054,504 | ---- | M] () -- C:\MP4debug.log
[2010/04/12 05:35:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/21 19:47:48 | 000,009,508 | ---- | M] () -- C:\OTL.Txt
[2010/08/21 13:16:46 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2010/08/14 16:22:42 | 000,001,049 | ---- | M] () -- C:\scan.txt
[2010/05/27 13:33:22 | 000,000,281 | ---- | M] () -- C:\Untitled.txt
[2010/08/20 17:47:07 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/04/18 10:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 09:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/11 13:52:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/31 11:04:10 | 000,051,840 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPLAPP3.DLL
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2010/06/11 14:36:45 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/11 13:27:25 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/06/11 14:36:45 | 029,884,416 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/11 14:36:47 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

Invalid Environment Variable: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 22:37:24

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0B97FF3A444CD92A
< End of report >

#48
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#49
Pawanhammers

    Member

  • Topic Starter
  • 248 posts
As before, ComboFix DID NOT work; it stayed 2 hours on "Please Wait.. Preparing fix...". Here is the OTL fix log.


========== OTL ==========
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72753B7E-42E3-4CEC-87C8-5376EE3B17C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72753B7E-42E3-4CEC-87C8-5376EE3B17C4}\ deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98C29012-388F-4DCC-91E4-037249C94392}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98C29012-388F-4DCC-91E4-037249C94392}\ deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.
File C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cschcoyy deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl\ywjmgamshdw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uignvmct deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm\yyelnfcshdw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\umvlrrdd deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii\yoenyndshdw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Vtahidetayo deleted successfully.
C:\WINDOWS\ibiciqucihici.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxemrsocan.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\wxemrsocan.tmp moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22}\ not found.
C:\Documents and Settings\Administrator\Application Data\Laba\omohk.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\cschcoyy deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl\ywjmgamshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\newsecureapp70700.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uignvmct deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm\yyelnfcshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\umvlrrdd deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii\yoenyndshdw.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Uroyoyiziyema deleted successfully.
C:\WINDOWS\weipsroc.dll moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
File C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\Pawan_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads\sta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Street-Ads folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Sky-Banners folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\clakmlwbl folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\kkskmsvii folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\kwullhiwm folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Laba folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Paiduh folder moved successfully.
C:\WINDOWS\system32\drivers\bsgbqnm.sys moved successfully.
C:\WINDOWS\aguseveg.dll moved successfully.
C:\WINDOWS\Ptuqeve.dat moved successfully.
C:\WINDOWS\Bhawe.bin moved successfully.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
C:\Documents and Settings\Administrator\Desktop\Antimalware Doctor.lnk moved successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
File C:\WINDOWS\aguseveg.dll not found.
File C:\WINDOWS\Ptuqeve.dat not found.
File C:\WINDOWS\Bhawe.bin not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
File C:\Documents and Settings\Administrator\Desktop\Antimalware Doctor.lnk not found.
File C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk not found.
File C:\WINDOWS\System32\drivers\bsgbqnm.sys not found.
C:\zrpt.xml moved successfully.
Folder C:\Documents and Settings\Administrator\Application Data\Sky-Banners\ not found.
Folder C:\Documents and Settings\Administrator\Application Data\Street-Ads\ not found.
C:\Documents and Settings\Administrator\Application Data\Subversion\auth\svn.username folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Subversion\auth\svn.ssl.server folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Subversion\auth\svn.ssl.client-passphrase folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Subversion\auth\svn.simple folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Subversion\auth folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Subversion folder moved successfully.

OTLPE by OldTimer - Version 3.1.40.0 log created on 08212010_232848

Here is the OTL log after I fixed it, in normal mode.


OTL logfile created on: 22/08/2010 14:25:28 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 32.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 0.76 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 10.96 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 93.82 Gb Total Space | 90.27 Gb Free Space | 96.22% Space Free | Partition Type: FAT32
Drive I: | 20.65 Gb Total Space | 8.77 Gb Free Space | 42.45% Space Free | Partition Type: NTFS

Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 22:46:44 | 001,057,280 | ---- | M] (MS) -- C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe
PRC - [2010/08/18 19:11:52 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/07/04 09:54:31 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/28 18:39:04 | 000,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2009/01/29 23:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2008/12/06 00:18:58 | 000,577,536 | ---- | M] (Hoo Technologies) -- C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
PRC - [2008/04/16 12:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/26 18:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/03/19 15:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/05/24 09:00:43 | 000,081,920 | ---- | M] (Gerber Technology, A Gerber Scientific Company) -- C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/03/22 05:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 08:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/18 19:11:52 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\ [2010/08/20 22:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]

[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/22 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/22 00:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/15 19:18:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKCU..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKCU..\Run: [newsecureapp70700.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe (MS)
O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\upd_debug.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/21 17:02:06 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/21 17:02:05 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/22 13:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/22 13:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/08/22 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/20 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}
[2010/08/20 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 22:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 17:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/20 16:08:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/19 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 17:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/19 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 16:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 23:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\COD4
[2010/08/18 19:11:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/08/18 19:11:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/08/18 19:11:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/08/18 19:11:44 | 000,447,952 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/08/18 19:11:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/08/18 19:11:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/08/18 19:11:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/08/18 19:11:44 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/08/18 19:11:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/08/18 19:11:42 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/08/18 19:11:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/08/18 19:11:42 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/08/18 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 17:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 14:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 17:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 17:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 17:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 17:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 17:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 17:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 17:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 17:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 17:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 17:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 17:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 15:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 17:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 17:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 16:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/16 13:54:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 22:17:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/15 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 13:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/15 13:28:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:05:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

========== Files - Modified Within 30 Days ==========

[2010/08/22 13:57:21 | 000,000,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/22 13:55:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/22 13:55:22 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/22 13:55:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/22 13:54:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/22 13:54:53 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/22 13:53:27 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/22 13:53:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/22 13:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/22 13:24:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 22:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 21:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 16:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 22:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 18:03:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/18 19:11:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/08/18 19:11:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/08/18 19:11:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/08/18 19:11:44 | 000,447,952 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/08/18 19:11:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/08/18 19:11:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/08/18 19:11:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/08/18 19:11:44 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/08/18 19:11:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/08/18 19:11:42 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/08/18 19:11:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/08/18 19:11:42 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/08/18 14:06:24 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Shenk's 2010 HabboUK Bruteforcer 2.0.0.exe
[2010/08/17 18:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 13:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 19:18:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 19:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/15 13:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 15:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:56:48 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 23:57:27 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 14:24:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 19:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk

========== Files Created - No Company Name ==========

[2010/08/22 13:56:24 | 000,000,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/21 23:46:55 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 16:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 18:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 17:37:28 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 12:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 14:04:25 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2010/08/18 14:04:23 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Shenk's 2010 HabboUK Bruteforcer 2.0.0.exe
[2010/08/17 18:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:46:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/17 17:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 17:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 17:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 17:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 17:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 17:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 17:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 17:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 17:44:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 14:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 15:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:56:47 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 19:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 19:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2009/02/17 18:11:30 | 000,024,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2008/04/14 08:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0B97FF3A444CD92A
< End of report >

The above log was done before ComboFix.

Everything is so bad!! ComboFix won't even work!! Please help
  • 0

#50
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this is one clever malware: it is now running from OTL quarantine. As soon as the computer reboots from this fix, run OTL and hit the Cleanup button.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O4 - HKCU..\Run: [newsecureapp70700.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe (MS)
    O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\upd_debug.exe ()
    [2010/08/22 13:57:21 | 000,000,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/08/22 13:55:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)



After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0
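The finding in this post, that the Run and RunOnce values still point at files inside C:\_OTL\MovedFiles, can be checked mechanically over the O4 lines of a log. The Python below is an added example, not part of the original post and not OTL's own code; the function names, the constructed third sample line, and the reading of the quarantine layout (`<timestamp>\<drive letter>_<rest of path>`, inferred from the two paths in the fix script) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Quarantine root exactly as it appears in the fix script above.
QUARANTINE_ROOT = PureWindowsPath(r"C:\_OTL\MovedFiles")

# O4 autorun line: "O4 - <hive>..\<key>: [<value name>] <target> (<company>)"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?) \((?P<company>[^()]*)\)\s*$"
)

# The first two lines are copied from the fix script in the post above;
# the third is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [newsecureapp70700.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe (MS)
O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\upd_debug.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""


def parse_autoruns(log_text):
    """Return one dict per O4 line: hive, key, name, target, company."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def in_quarantine(target):
    """True if the autorun target lives below the quarantine root.

    PureWindowsPath compares case-insensitively, as Windows paths do.
    """
    return QUARANTINE_ROOT in PureWindowsPath(target).parents


def original_location(target):
    """Rebuild where a quarantined file came from.

    Assumption: the folder below the timestamp directory is named
    '<drive letter>_<first path component>', as in the paths on this page.
    Returns None if the path does not have that shape.
    """
    rel = PureWindowsPath(target).parts[len(QUARANTINE_ROOT.parts):]
    if len(rel) < 2:
        return None
    match = re.fullmatch(r"([A-Za-z])_(.+)", rel[1])
    if not match:
        return None
    return str(PureWindowsPath(match.group(1) + ":\\", match.group(2), *rel[2:]))


def review(entries):
    """Return (hive, key, name, reasons) for autoruns that need attention."""
    findings = []
    for entry in entries:
        reasons = []
        if in_quarantine(entry["target"]):
            reasons.append(
                "target is inside the quarantine folder, so the moved file is "
                "still launched at logon (originally %s)"
                % original_location(entry["target"])
            )
        # Windows runs a RunOnce value in Safe Mode too when its name
        # is prefixed with an asterisk.
        if entry["key"].lower() == "runonce" and entry["name"].startswith("*"):
            reasons.append("RunOnce value name starts with '*', so it also runs in Safe Mode")
        if reasons:
            findings.append((entry["hive"], entry["key"], entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for hive, key, name, reasons in review(parse_autoruns(SAMPLE_LOG)):
        print("%s %s [%s]" % (hive, key, name))
        for reason in reasons:
            print("  - " + reason)
```

Both flagged values are the ones the fix script removes; the second is flagged twice because a RunOnce name beginning with `*` is also honoured when the machine is booted into Safe Mode.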

#51
Pawanhammers

    Member

  • Topic Starter
  • Member
  • 248 posts
I can't get into my computer. After I did the Kaspersky scan I log on and there's nothing, only the wallpaper and the mouse. Seems like everything is getting worse and worse. I did the OTL fix successfully. And I did do the Kaspersky scan in safe mode, but I can't click the save button (resolution).


EDIT: May I add that explorer.exe isn't in task manager when started up, and explorer.exe is not in C:\WINDOWS\ or C:\WINDOWS\SYSTEM32\

Edited by Pawanhammers, 24 August 2010 - 09:11 AM.

  • 0

#52
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks like AVP killed explorer

Do you have access to a Windows CD so that we can extract a new copy of explorer?
  • 0

#53
Pawanhammers

    Member

  • Topic Starter
  • Member
  • 248 posts
Yep, I have. I'm using XP SP3 but I have the XP SP2 CD (and the SP3 lying around somewhere but I don't know where that is. If I need it just tell me and I'll try to find it). Also I'm typing now from the broken computer (I did CTRL + DELETE + ALT), Task Manager, and I went to File then New Process then opened Safari from there. I also did a Malwarebytes scan, a full scan, and I also scanned the USB drive. Here is the log, just so you know.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4436

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24/08/2010 18:59:25
mbam-log-2010-08-24 (18-59-25).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 218472
Time elapsed: 1 hour(s), 17 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\WINDOWS\system32\drivers\67304222.sys (Rootkit.Agent.H) -> No action taken.
C:\Program Files\Pegasys Inc\TMPGEnc Authoring Works 4\keygen.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000239.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000240.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000242.dll (Trojan.Hiloti) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000257.dll (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000258.dll (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000278.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000488.exe (Trojan.Agent.CK) -> No action taken.
C:\System Volume Information\_restore{5873CECD-F265-4024-8275-35E9E20452D2}\RP4\A0000669.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Shenk's 2010 HabboUK Bruteforcer 2.0.0.exe (Trojan.Swizzor) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\chrtmp (Malware.Trace) -> No action taken.

Also I read the log and it says no action taken. I don't know why; I did tick all the viruses and click remove selected, and when it asked to reboot I did so.
  • 0

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you can run things - let's run OTL and see if there is a spare copy on your system

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    explorer.exe
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • 0

#55
Pawanhammers

    Member

  • Topic Starter
  • Member
  • 248 posts
Here is the OTL log.

OTL logfile created on: 24/08/2010 19:31:19 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.41 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 10.97 Gb Free Space | 85.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\67304222.sys -- (67304222)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\6730422.sys -- (setup_9.0.0.722_23.08.2010_03-48drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\67304221.sys -- (67304221)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\ [2010/08/20 22:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]

[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/23 00:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/23 00:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/15 19:18:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\ShellBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [adslsvccat.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [newsecureapp70700.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe File not found
O4 - HKLM..\RunOnce: [*adslsvccat.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_23.08.2010_03-48.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_23.08.2010_03-48\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:44 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-602162358-1500820517-682003330-500\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 19:29:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/24 11:49:04 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6730422.sys
[2010/08/24 11:49:04 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\67304221.sys
[2010/08/24 11:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2010/08/23 20:35:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/23 12:43:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/08/23 01:21:38 | 073,898,584 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_23.08.2010_03-48.exe
[2010/08/23 01:12:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/08/22 18:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/08/22 17:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 17:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/22 16:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/22 15:52:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/22 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/20 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}
[2010/08/20 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 22:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 17:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/19 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 17:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/19 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 16:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 17:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 14:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 17:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 17:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 17:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 17:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 17:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 17:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 17:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 17:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 17:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 17:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 17:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 15:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 17:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 17:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 16:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/16 13:54:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 13:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/27 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/05/27 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 90 Days ==========

[2010/08/24 19:03:52 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/08/24 19:02:22 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 19:02:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 19:02:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 19:02:11 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 19:00:05 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/24 19:00:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/24 18:48:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 15:42:06 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/24 12:39:54 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/24 11:50:45 | 000,002,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_23.08.2010_03-48.lnk
[2010/08/23 01:26:02 | 073,898,584 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_23.08.2010_03-48.exe
[2010/08/23 00:31:12 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/22 17:54:26 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/22 17:43:13 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe
[2010/08/22 16:48:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/22 16:40:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 14:55:33 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/08/22 14:51:28 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/22 13:24:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 22:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 21:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 16:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 22:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 18:03:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 18:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 13:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/15 19:18:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 19:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/14 15:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 19:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk

========== Files Created - No Company Name ==========

[2010/08/24 15:42:06 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/24 12:38:53 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/24 11:50:45 | 000,002,274 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_23.08.2010_03-48.lnk
[2010/08/22 17:43:12 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe
[2010/08/22 16:40:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 14:55:33 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/08/22 14:55:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/22 14:50:39 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/20 22:21:55 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 16:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 18:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 17:37:28 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 12:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/17 18:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:46:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/17 17:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 17:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 17:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 17:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 17:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 17:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 17:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 17:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 17:44:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 14:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 15:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 19:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/04 09:54:50 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/01 17:38:28 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 17:41:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/08/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/08/21 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Geaw
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/16 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/22 17:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/18 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/22 17:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/19 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/22 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/24 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Nokia
[2010/07/02 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite

========== Purity Check ==========



========== Custom Scans ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0B97FF3A444CD92A
< End of report >

#56
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, it appears that you have no copies of explorer on your system. Let's see if ComboFix can find one in System Restore. But first:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\ShellBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O4 - HKLM..\Run: [adslsvccat.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
    O4 - HKU\S-1-5-21-602162358-1500820517-682003330-500..\Run: [newsecureapp70700.exe] C:\_OTL\MovedFiles\08212010_232848\C_Documents and Settings\Administrator\Application Data\D8EE24D4DE25ADC46C445344FBDE382E\newsecureapp70700.exe File not found
    O4 - HKLM..\RunOnce: [*adslsvccat.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_23.08.2010_03-48.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_23.08.2010_03-48\startup.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKU\S-1-5-21-602162358-1500820517-682003330-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    [2010/08/23 01:21:38 | 073,898,584 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_23.08.2010_03-48.exe
    [2010/08/22 17:43:13 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe
    [2010/08/02 19:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
    [2010/08/22 14:55:33 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
    [2010/08/22 14:50:39 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from any of the links below. You must rename it to svchost before saving it to your desktop.

Link 1
Link 2


==================================

Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#57
Pawanhammers

    Member

  • Topic Starter
  • Member
  • 248 posts
Again problems with ComboFix (svchost really), ComboFix has never worked before. :/

Here's the OTL fix log.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\adslsvccat.exe deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\newsecureapp70700.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*adslsvccat.exe deleted successfully.
Invalid CLSID key: *adslsvccat.exe
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe not found.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_23.08.2010_03-48.lnk moved successfully.
File move failed. C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_23.08.2010_03-48\startup.exe scheduled to be moved on reboot.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-1500820517-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_23.08.2010_03-48.exe moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adslsvccat.exe not found.
C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg moved successfully.
C:\WINDOWS\system32\drivers\kgpfr2.cfg moved successfully.
C:\WINDOWS\system32\drivers\kgpcpy.cfg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 20605839 bytes
->Temporary Internet Files folder emptied: 1216016 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43882255 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 15654912 bytes
->Flash cache emptied: 5299 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33036 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24009794 bytes
->Flash cache emptied: 3084 bytes

User: Pawan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 182897 bytes

Total Files Cleaned = 101.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Pawan

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.10.0 log created on 08242010_212117

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_23.08.2010_03-48\startup.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Here's the OTL Quick Scan log.

OTL logfile created on: 24/08/2010 21:27:05 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.51 Gb Free Space | 26.66% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 10.97 Gb Free Space | 85.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIIWII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Program Files\Dokan\DokanLibrary\mounter.exe
PRC - [2004/10/14 13:17:28 | 001,443,840 | ---- | M] (Linksys) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 21:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 20:41:34 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\67304222.sys -- (67304222)
DRV - [2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 17:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/23 11:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 21:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\6730422.sys -- (setup_9.0.0.722_23.08.2010_03-48drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\67304221.sys -- (67304221)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 11:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 20:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}\ [2010/08/20 22:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 19:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 19:02:34 | 000,000,000 | ---D | M]

[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/23 00:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 21:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 09:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 21:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 21:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/23 00:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/08/24 21:21:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKCU..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 10:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 01:12:44 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 21:21:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 19:29:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/24 11:49:04 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6730422.sys
[2010/08/24 11:49:04 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\67304221.sys
[2010/08/24 11:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2010/08/23 20:35:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/23 12:43:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/08/23 01:12:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/08/22 18:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/08/22 17:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 17:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/22 16:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/22 15:52:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/22 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/20 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{2AEE3DE3-A9C2-4ED7-9603-06890817D3D1}
[2010/08/20 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Xfire
[2010/08/20 22:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/08/20 17:32:55 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/20 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/08/19 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/08/19 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/08/19 17:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/19 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/19 16:15:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/18 17:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Graphics Bypasser
[2010/08/18 14:11:12 | 000,095,232 | ---- | C] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/17 17:46:12 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/08/17 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/08/17 17:44:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/17 17:44:29 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/17 17:44:29 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/08/17 17:44:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/08/17 17:44:29 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/17 17:44:29 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/17 17:44:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/17 17:44:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/17 17:44:29 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/17 17:44:29 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/17 17:44:29 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/08/17 17:44:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/17 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TMPGEnc-2.525.64.184-EN-Free
[2010/08/17 15:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/16 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GCT GENARATOR
[2010/08/16 17:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Computer++
[2010/08/16 17:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Reasonable_Software_House
[2010/08/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reasonable NoClone 2007 Enterprise
[2010/08/16 16:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/16 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desktop
[2010/08/16 13:54:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/15 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/15 13:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/13 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 21:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 19:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 19:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 18:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/06 14:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 14:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 14:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 16:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/05 16:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/08/04 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 15:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/04 01:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/04 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 20:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 20:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 18:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 13:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 22:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 18:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 13:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 12:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 12:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 12:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 12:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 12:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 12:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 12:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 12:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 12:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 12:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 12:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 12:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 12:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/02 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/08/02 11:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 21:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 17:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 13:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/25 11:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 11:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/25 11:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/07/21 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 22:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/19 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/14 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/12 19:28:32 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/08 19:07:01 | 000,024,448 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/05 08:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/07/04 13:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2010/07/04 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/04 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/04 13:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/04 13:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/04 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/04 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/07/04 09:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/02 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Movies
[2010/07/02 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/29 21:04:38 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2010/06/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Mobile 3GP Video Converter
[2010/06/29 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/29 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTubeAssistant
[2010/06/29 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 07
[2010/06/29 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/29 18:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/06/29 18:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My YouTube
[2010/06/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010/06/29 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/06/27 16:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/27 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\directx2
[2010/06/27 16:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/27 16:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIFA 08
[2010/06/26 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/06/26 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
[2010/06/26 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA SPORTS™ FIFA Online
[2010/06/26 19:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/06/26 19:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/06/26 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/06/26 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/06/26 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/26 18:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/26 18:21:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/26 18:21:02 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/26 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/21 11:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\VStitcher
[2010/06/21 11:28:16 | 000,000,000 | ---D | C] -- C:\mm95
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/06/21 11:28:13 | 000,000,000 | ---D | C] -- C:\dxf
[2010/06/21 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dvd
[2010/06/21 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVD Flick
[2010/06/21 11:06:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/06/21 11:06:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/06/21 11:06:36 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010/06/21 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/06/21 10:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DivX Author
[2010/06/21 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/21 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2010/06/21 10:36:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/21 10:16:57 | 000,000,000 | ---D | C] -- C:\LEGEND
[2010/06/19 12:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/06/19 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gerber Technology
[2010/06/19 12:18:29 | 000,000,000 | ---D | C] -- C:\userroot
[2010/06/19 12:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/19 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/14 20:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/13 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\RCLogon
[2010/06/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/06/11 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 19:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/11 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/06/11 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/11 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/06/11 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/11 18:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/11 18:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/11 18:53:51 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/11 16:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 16:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/11 16:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 16:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/10 20:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/06 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dokan
[2010/06/06 14:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 14:33:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 14:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/06 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/06/01 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/01 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/01 23:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/01 23:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/01 23:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/01 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/01 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/01 15:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/01 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/05/29 08:59:04 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/05/29 08:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/28 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/27 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/05/27 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 90 Days ==========

[2010/08/24 21:25:45 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 21:25:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 21:25:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 21:25:31 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 21:24:48 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/24 21:24:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/24 21:21:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/24 20:48:14 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 19:50:31 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/08/24 15:42:06 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/23 00:31:12 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/22 17:54:26 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/22 16:48:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/22 16:40:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 13:24:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 22:40:15 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/20 22:21:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:44 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/08/20 21:44:23 | 000,000,267 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/20 16:46:06 | 000,001,117 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 22:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:51:52 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 18:03:55 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:09:26 | 680,366,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 12:41:36 | 000,024,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/18 20:55:18 | 000,095,232 | ---- | M] (www.youtube.com/muppe7) -- C:\Documents and Settings\Administrator\Desktop\MuppetsAutoclicker.exe
[2010/08/17 18:27:03 | 002,264,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:44:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 13:40:46 | 115,548,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/15 23:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/15 19:18:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/14 15:56:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/14 15:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/13 00:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 13:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 12:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 12:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 12:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 11:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 17:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 00:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 13:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 13:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 13:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 18:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 16:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 12:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 17:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/15 18:01:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/12 20:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/12 20:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/07/11 15:13:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/08 19:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\fnetthjm.sys
[2010/07/04 13:20:37 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/07/01 09:08:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 21:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 19:28:00 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/21 11:45:07 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/21 11:45:06 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/21 11:31:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/21 11:30:57 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:57:16 | 000,000,607 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/21 10:35:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:58:11 | 000,008,430 | ---- | M] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:28:26 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:24:02 | 000,000,054 | ---- | M] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:20:51 | 000,001,398 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 19:01:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 18:57:49 | 000,023,553 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 18:52:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 18:52:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/11 18:52:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/11 18:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/11 18:49:31 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/11 18:39:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:14:41 | 000,226,555 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/05/29 09:14:52 | 000,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk

========== Files Created - No Company Name ==========

[2010/08/24 15:42:06 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinLogon.reg
[2010/08/24 12:38:53 | 1340,133,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 16:40:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 14:55:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/20 22:21:55 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/08/20 21:45:10 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/08/20 21:44:22 | 000,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/20 16:44:30 | 000,001,117 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2010/08/19 18:52:16 | 680,366,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cod.avi
[2010/08/19 17:37:28 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/08/19 17:37:22 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2010/08/19 17:32:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/19 17:32:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 12:41:36 | 000,024,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\panchod.jpg
[2010/08/18 21:22:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$acking.docx
[2010/08/17 18:26:44 | 002,264,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4.AVI
[2010/08/17 17:46:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/17 17:44:29 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/17 17:44:29 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/17 17:44:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/17 17:44:29 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/17 17:44:29 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/17 17:44:29 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/17 17:44:29 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/17 17:44:29 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/08/17 17:44:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
[2010/08/17 17:44:29 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/08/17 14:52:03 | 115,548,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17082010_001.mp4
[2010/08/16 17:56:24 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GCT to TXT Converter.lnk
[2010/08/14 15:56:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2010/08/13 00:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 21:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 18:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 14:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 17:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 16:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/04 00:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 18:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 18:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 18:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 17:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/19 22:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/11 15:13:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/02 19:05:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/07/01 08:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 21:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 21:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 16:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/27 16:06:12 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/27 16:06:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/26 22:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 19:28:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 19:28:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/26 19:28:03 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/26 19:28:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/26 19:28:00 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/06/26 18:22:05 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/06/21 11:30:57 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk
[2010/06/21 10:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 12:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 12:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 12:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 12:33:35 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\A870.sentinel
[2010/06/19 12:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 12:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 12:26:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/19 12:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 12:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 12:22:38 | 000,000,000 | ---- | C] () -- C:\license.dat
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 12:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 12:22:36 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/06/19 12:22:36 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2010/06/19 12:20:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/19 12:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/16 20:46:00 | 000,040,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hieu.jpg
[2010/06/11 18:56:07 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/11 18:55:17 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/11 18:55:15 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/11 18:54:45 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/11 18:54:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/11 18:54:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/11 18:54:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/11 18:54:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/11 18:54:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/11 18:54:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/11 18:54:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/11 18:53:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/11 18:53:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/11 18:53:46 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/11 18:53:45 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/11 18:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/11 18:51:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/11 18:39:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/11 18:38:39 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/11 18:38:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/11 18:38:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/11 18:38:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/11 18:38:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/11 18:38:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/11 18:38:39 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/11 18:38:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/11 18:38:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/11 18:38:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/11 18:38:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/11 18:38:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/11 18:38:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/11 18:38:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/11 18:38:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/11 18:38:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/11 18:38:38 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/11 18:38:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/06 14:33:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/06 14:09:48 | 001,718,912 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/06 14:09:48 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/06/06 14:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 14:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 14:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/06/01 17:58:53 | 000,060,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 17:38:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/01 17:38:28 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Safari.lnk
[2010/05/29 09:14:52 | 000,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hacking.docx
[2010/05/29 09:02:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aircrack-ng GUI.exe.lnk
[2010/05/22 19:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 14:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/03 15:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 22:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 21:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 17:41:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 11:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 10:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 10:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/05 23:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 11:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2007/11/14 20:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 07:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 18:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/08/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/07/20 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/04 02:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 10:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/08/21 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Geaw
[2010/05/09 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/08/15 22:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2010/08/01 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/05/01 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/05/27 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/16 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/08/12 21:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/22 17:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2010/08/22 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/18 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 20:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/22 17:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/08/02 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/19 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/21 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gerber Technology
[2010/04/12 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010/04/12 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/05/01 21:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/01 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/04 16:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/05/01 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/12 21:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/02 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/05/23 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/02 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/22 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/23 11:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/11 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0B97FF3A444CD92A
< End of report >

#58
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK baby steps - Did you find the CD? Or do you have access to another computer where you can copy explorer from?

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#59
Pawanhammers

    Member

  • Topic Starter
  • 248 posts
Yep, I have the CD and access to a computer where I can get explorer.exe from. Whatever is easiest.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/08/2010 14:13:23
mbam-log-2010-08-25 (14-13-23).txt

Scan type: Quick scan
Objects scanned: 143543
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\chkaqpyxhst.chkaqpyxhst (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chkaqpyxhst.chkaqpyxhst.1.0 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#60
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The easiest way is to copy from another computer to C:\windows and then reboot

Once rebooted then retry Combofix