Got Hit by many Win32/Agent - IE does not work


  • This topic is locked
44 replies to this topic

#1 Ron Cooper

Ron Cooper

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 28 March 2010 - 05:46 PM

Hello Great Warriors!
I got attacked by something on 032210. IE 8 stopped working at all. Went to MS site and they said to remove IE 8 and install IE 7. I did that with Firefox. Still got the same "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." So was I. My antivirus "Avast" could not connect to its server and their program could not update. I ran online ESET and it found a lot of problems (attached logs for 3 days). Malwarebytes found a few problems (attached). SuperAntiSpyware found only cookies and it removed all of them. Comodo firewall did not alert about anything.

I have to log off of XP to shut it down. The Start/Shut Down button is blocked.

Defogger Ran: "Attached"
DDS did not run error "This program cannot be run in DOS mode."
Gmer ran fine "Attached Ark.txt"
Eset Logs "Scan032210 Scan032310 Scan032410"
Malware Bytes Logs "Attached"

This will get you started.
Have been following your site for a long time. I did not think I would need it.
Thanks
Ron Cooper Portland, OR


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:13 AM

Posted 01 April 2010 - 05:51 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki man acch?
Yadi thak, tahal
Ki kshama kart paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.
#3 Ron Cooper

Ron Cooper
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 06 April 2010 - 10:20 PM

Hello from Ron Cooper. Thanks for the reply.
The problem is that I got hit downloading a repair program for TCP. Comodo asked if I wanted to run it and I did. Whoops! CPU went to 100% and I stopped it with Task Manager and ran Malwarebytes and it removed some trojans (attached). From that time till now my IE does not work at all. It comes up with the attached error. Since then I have followed through with lots of Google searches and it still does not work.

So now it's the gurus' time to try and fix it.

Thanks for your dedication
Ron in Portland, OR USA


DDS (Ver_10-03-17.01) - NTFSx86
Run by ronc at 16:05:26.38 on Sun 04/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.429 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ronc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PopUpCop: {db43e4e6-ff8a-4018-8c8e-f68587a44a73} - c:\progra~1\popupcop\PopUpCop.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Duhiki: {20001e7a-823d-4e19-ade2-d6ab53c7c81e} - c:\program files\duhiki\duhikitoolbar\Duhiki.dll
TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
c:\documents and settings\ronc\local settings\temp\1f.tmp\temp00
StartupFolder: c:\docume~1\ronc\startm~1\programs\startup\update~1.lnk - c:\program files\update notifier\updatenotifier.exealluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-explorer: <NO NAME> =
mPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ronc\applic~1\mozilla\firefox\profiles\ws8cj3g3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15557&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15554&locale=en_US&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {67BBBBAE-B92D-41A0-A9F8-B119C767F2C7} - c:\documents and settings\ronc\local settings\application data\{67bbbbae-b92d-41a0-a9f8-b119c767f2c7}\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2001-12-20 70528]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2003-1-9 11264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-23 162640]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-8 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-8 25160]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2003-1-19 13294]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-23 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
R2 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2010-1-5 355840]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-8 723632]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-23 54752]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-1 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-1 600944]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2004-1-27 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2004-1-27 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2004-1-27 8864]
R2 PEG;PEG;c:\windows\system32\drivers\PEG.sys [2009-9-10 8064]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 40384]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-16 33792]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2002-12-30 18840]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\cfrmd.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S2 BootlogService;BootlogService;c:\program files\greatis\bootlog xp\BootLogService.exe [2010-1-6 65248]
S2 gupdate1caba70678a18cc;Google Update Service (gupdate1caba70678a18cc);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 133104]
S2 nvtvSND;AOpen NVIDIA WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2002-12-31 14048]
S3 cpuz128;cpuz128;\??\c:\docume~1\ronc\locals~1\temp\cpuz_x32.sys --> c:\docume~1\ronc\locals~1\temp\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\ronc\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ronc\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [2006-6-4 50432]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2004-2-16 571776]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\ProtoWall.sys [2010-2-24 22912]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
S4 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-11-30 598856]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.txt=

=============== Created Last 30 ================


==================== Find3M ====================

2010-02-02 17:28:02 171552 ----a-w- c:\windows\system32\guard32.dll
2004-09-10 20:40:38 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40:38 5970 ----a-w- c:\program files\eula.txt
2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2000-12-12 19:17:40 100432 ----a-w- c:\program files\Win2000PPAHotfix.exe
2002-08-01 02:55:12 106 --sha-w- c:\windows\WSYS049.SYS
2006-02-01 04:20:50 56 --sha-r- c:\windows\system32\8D11BC3992.sys
2004-01-25 08:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-02-28 02:25:01 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 20:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 08:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
2008-09-07 19:59:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 16:06:52.06 ===============

Edited by Ron Cooper, 06 April 2010 - 10:24 PM.


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 07 April 2010 - 08:44 PM

Hello.

I'm Extremeboy and I will continue to help you here. Could you also please re-run GMER and post that log for my review.

In addition, I would like to see one more scan.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Ron Cooper

Ron Cooper
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 07 April 2010 - 10:34 PM

Thanks For the reply Extremeboy.

Good Luck with my Data!

Ron

OTL logfile created on: 4/7/2010 7:35:53 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.51 Gb Total Space | 4.70 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 465.75 Gb Total Space | 301.85 Gb Free Space | 64.81% Space Free | Partition Type: NTFS

Computer Name: DRMP3HOME
Current User Name: ronc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/07 19:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\OTL\OTL.exe
PRC - [2010/04/01 22:11:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/11 18:13:14 | 009,669,488 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Audition 3.0\Audition.exe
PRC - [2010/03/09 03:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/07 16:05:54 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/01/28 10:28:11 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/28 10:28:05 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/09/26 06:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/05/21 10:17:26 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/30 15:32:54 | 005,238,784 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopus.exe
PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/12/18 10:50:00 | 000,038,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/04/09 19:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2002/12/02 20:56:10 | 000,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2002/11/27 04:30:30 | 000,065,536 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/04/07 19:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\OTL\OTL.exe
MOD - [2010/02/02 10:28:02 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/14 05:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2006/01/30 15:32:54 | 000,483,328 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
MOD - [2003/12/18 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/12/18 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SysEnforce)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/28 10:28:05 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/12/04 16:53:42 | 000,065,248 | ---- | M] (Greatis Software ©) [Auto | Stopped] -- C:\Program Files\Greatis\BootLog XP\BootLogService.exe -- (BootlogService)
SRV - [2009/12/01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/21 10:17:26 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/05/21 10:17:26 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/11 13:40:44 | 000,355,840 | ---- | M] (Outertech) [On_Demand | Stopped] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2009/01/07 21:34:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/31 14:44:13 | 000,079,360 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/10 00:04:52 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2003/12/01 15:27:00 | 000,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (gearsec)
SRV - [2002/12/24 11:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002/11/27 04:30:30 | 000,065,536 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/03/04 11:35:26 | 001,118,208 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2001/09/20 09:23:18 | 000,061,440 | ---- | M] (Iomega Corporation) [Disabled | Stopped] -- C:\Program Files\Iomega\System32\ActivityDisk.exe -- (Iomega Activity Disk2)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 03:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 03:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 03:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 03:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 03:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 03:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/02 10:27:59 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/28 10:28:33 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/01/28 10:28:32 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/09/10 06:10:50 | 000,008,064 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PEG.sys -- (PEG)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/24 04:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/03/23 14:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 14:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 14:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/26 14:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/12/11 05:59:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/06/25 02:21:18 | 000,018,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2007/04/09 05:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/01/25 18:19:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/01/25 18:19:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/02/03 12:02:56 | 000,050,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 08:29:14 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ProtoWall.sys -- (ProtoWall)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/02/16 15:19:30 | 000,571,776 | ---- | M] (Eugene Gavrilov) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kx.sys -- (kxwdmdrv)
DRV - [2003/12/11 02:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 02:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/05/22 09:55:34 | 000,064,384 | ---- | M] (ALCATech GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/08/14 01:00:00 | 000,093,594 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/08/14 01:00:00 | 000,013,782 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/06/26 23:02:00 | 000,014,048 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (AsapiW2K)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
DRV - [2002/03/04 11:35:42 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/11/22 08:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (Fasttrak)
DRV - [2001/10/30 15:25:08 | 000,013,294 | ---- | M] (WayTech Development, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbfilter.sys -- (kbfilter)
DRV - [2001/09/20 09:23:18 | 000,033,474 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/05/28 16:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/05/28 16:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/05/28 16:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [2000/10/20 02:00:00 | 000,029,408 | ---- | M] (ahead software gmbh && its licensors) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\imagedrv.sys -- (Imagedrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-299502267-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {67BBBBAE-B92D-41A0-A9F8-B119C767F2C7}:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15554&locale=en_US&q="
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{67BBBBAE-B92D-41A0-A9F8-B119C767F2C7}: C:\Documents and Settings\ronc\Local Settings\Application Data\{67BBBBAE-B92D-41A0-A9F8-B119C767F2C7}\ [2009/01/11 17:15:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2009/12/21 17:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 22:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 22:11:24 | 000,000,000 | ---D | M]

[2009/03/24 22:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Mozilla\Extensions
[2009/03/24 22:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ronc\Application Data\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2008/12/17 22:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/07 09:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Mozilla\Firefox\Profiles\ws8cj3g3.default\extensions
[2009/10/25 12:52:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ronc\Application Data\Mozilla\Firefox\Profiles\ws8cj3g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/30 21:08:25 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Mozilla\Firefox\Profiles\ws8cj3g3.default\searchplugins\askcom.xml
[2010/02/23 22:11:53 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Mozilla\Firefox\Profiles\ws8cj3g3.default\searchplugins\bing.xml
[2010/04/07 09:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/03/26 21:49:11 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Duhiki) - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - C:\Program Files\Duhiki\DuhikiToolbar\Duhiki.dll (Market Precision, Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PopUpCop) - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\Program Files\PopUpCop\PopUpCop.dll (EdenSoft ™)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-299502267-879983540-839522115-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-879983540-839522115-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKU\S-1-5-21-299502267-879983540-839522115-1004..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\ronc\Start Menu\Programs\Startup\Update Notifier.lnk = C:\Program Files\Update Notifier\updatenotifier.exe (CleanSofts.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-299502267-879983540-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-299502267-879983540-839522115-1004 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\ronc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ronc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/12/30 18:36:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 05:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 05:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 05:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/09 16:38:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "PCProxy"
MsConfig - Services: "ioloSystemService"
MsConfig - Services: "ioloFileInfoList"
MsConfig - Services: "N360"
MsConfig - Services: "FirebirdServerDefaultInstance"
MsConfig - Services: "FirebirdGuardianDefaultInstance"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe - (Insight Software Solutions)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Advanced Uninstaller PRO Installation Monitor - hkey= - key= - C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe (Innovative Solutions GRUP SRL)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3CE3DEF1-A1EF-7303-11E2-DC271EC53F24} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {621FCD24-4498-4324-A81E-07D331376EDF} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66BE9CB3-FCC8-0515-2BEB-0E3F4D94332D} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {98BA0330-9E15-06AB-E511-1F430BA13C45} - Microsoft VM
ActiveX: {9A7883FC-3EC8-FDFC-099F-5A922C607016} - Outlook Express
ActiveX: {A0F24B9E-6ED4-2DC6-451D-DE594ECB220B} - Q813951
ActiveX: {A99EF142-0593-3E03-C4E3-F275380389C6} - Viewpoint Media Player
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DF95F5F1-C0AE-8966-A2EA-C14DCE84D842} - Vector Graphics Rendering (VML)
ActiveX: {DFCC9DBA-90A6-62C0-C8FD-540BCCF17171} - Q324929
ActiveX: {E6E06A0C-BC31-408A-24E9-76D24F65259A} - DirectX
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.thx32 - thx32.acm File not found
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.rtmp - Roxio_DivX.dll File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave.dvaudio - dvaudio.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 16:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ronc\Application Data\ComodoGroup
[2010/04/01 20:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/03/31 14:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/30 17:39:49 | 007,172,984 | ---- | C] (Blitware Technology Inc. ) -- C:\Program Files\pcmedkit_setup.exe
[2010/03/30 16:44:47 | 000,040,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInst.dll
[2010/03/30 16:44:46 | 000,035,424 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\e100bmsg.dll
[2010/03/30 16:44:46 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2010/03/30 16:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/03/30 16:25:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010/03/30 09:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2010/03/30 09:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nsasoft
[2010/03/29 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Product Key Finder Pro
[2010/03/29 11:43:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ronc\Recent
[2010/03/27 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/03/26 17:16:19 | 000,007,668 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\RKREVEAL150.SYS
[2010/03/25 23:01:55 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/03/25 22:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iTunesDetector
[2010/03/25 22:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/03/23 19:57:07 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/23 19:57:07 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/23 19:57:07 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/23 19:57:06 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/23 19:57:06 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/23 19:57:06 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/23 19:57:06 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/23 19:56:24 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/23 19:56:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/22 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/21 15:18:25 | 000,150,016 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\Unzip32.dll
[2010/03/19 09:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ronc\My Documents\Driver Dective
[2010/03/17 11:44:26 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/03/16 20:45:46 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\WINDOWS\System32\ssbtsr.exe
[2010/03/16 20:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2010/03/16 17:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware v3.8.0.2
[2010/03/16 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ronc\Application Data\ScanSpyware
[2010/03/08 21:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/03/02 18:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/02 18:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/10 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\J River
[2009/09/12 11:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BTjunkie
[2009/07/04 11:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\MediaMonkey
[2009/04/27 18:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/04/17 10:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/02/21 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/16 21:09:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/16 21:09:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/12/16 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/16 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/10 20:20:43 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\ShellLnkSSE.dll
[2004/09/10 13:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe
[2004/08/15 20:16:04 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/07 19:46:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/07 19:41:18 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8215452-FB01-444F-B86F-2AFAA437DB8D}.job
[2010/04/07 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/07 17:00:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/04/07 16:50:48 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/04/07 09:46:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/07 09:11:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/04/07 09:10:31 | 000,000,323 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/07 09:10:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/07 09:08:53 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\ronc\Start Menu\Programs\Startup\Update Notifier.lnk
[2010/04/07 09:07:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/07 09:05:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 22:09:57 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
[2010/04/06 22:09:57 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
[2010/04/06 22:09:57 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
[2010/04/06 22:09:57 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
[2010/04/06 22:09:57 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx
[2010/04/06 22:09:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/06 22:09:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/06 22:09:47 | 018,825,216 | ---- | M] () -- C:\Documents and Settings\ronc\ntuser.dat
[2010/04/06 22:09:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ronc\ntuser.ini
[2010/04/05 15:14:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/04/04 19:40:02 | 1073,274,880 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/04/04 15:59:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\dds.scr
[2010/04/03 11:11:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/31 17:37:08 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\OnlineScannerApp.lnk
[2010/03/31 14:49:36 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/30 22:52:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/03/30 22:52:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/03/30 17:54:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\PC Medkit.job
[2010/03/30 17:39:57 | 007,172,984 | ---- | M] (Blitware Technology Inc. ) -- C:\Program Files\pcmedkit_setup.exe
[2010/03/30 16:54:48 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster 2010.lnk
[2010/03/30 16:46:05 | 000,916,126 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 16:46:05 | 000,714,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 16:46:05 | 000,183,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 16:26:25 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/30 09:50:51 | 000,000,080 | RHS- | M] () -- C:\WINDOWS\System32\3546C0F868.dll
[2010/03/30 09:44:01 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\Product Key Explorer.lnk
[2010/03/29 22:22:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Product Key Finder-Pro version.lnk
[2010/03/29 11:46:32 | 000,005,880 | ---- | M] () -- C:\Documents and Settings\ronc\My Documents\cc_20100329_114623.reg
[2010/03/29 11:35:32 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\CCleaner.lnk
[2010/03/28 21:12:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/28 12:22:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ronc\defogger_reenable
[2010/03/26 21:49:11 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/26 17:16:19 | 000,007,668 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\RKREVEAL150.SYS
[2010/03/25 22:39:11 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/03/25 22:38:50 | 000,000,232 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/03/24 23:10:02 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/03/24 16:49:41 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/03/23 19:57:07 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/21 15:18:25 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\Blocklist Manager.lnk
[2010/03/19 10:20:34 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/03/17 15:58:30 | 000,020,838 | ---- | M] () -- C:\Documents and Settings\ronc\My Documents\cc_20100317_155824.reg
[2010/03/16 21:45:27 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\Diagnose & Fix.lnk
[2010/03/16 21:45:27 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\ScanSpyware.lnk
[2010/03/16 17:21:43 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\ronc\Desktop\Scan Spyware.lnk
[2010/03/16 16:28:31 | 000,000,801 | ---- | M] () -- C:\WINDOWS\ScanSpyware.INI
[2010/03/10 18:07:40 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/09 03:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 03:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 03:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 03:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 03:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 03:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 03:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 03:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 03:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 21:28:40 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/08 21:28:31 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/05 15:20:11 | 018,825,216 | ---- | C] () -- C:\Documents and Settings\ronc\ntuser.dat
[2010/04/01 20:15:47 | 000,940,896 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/01 20:15:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/04/01 20:15:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/03/31 17:37:08 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\OnlineScannerApp.lnk
[2010/03/30 17:41:52 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/30 17:41:24 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\PC Medkit.job
[2010/03/30 16:54:47 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster 2010.lnk
[2010/03/30 16:44:53 | 000,005,590 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/03/30 16:26:25 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/30 09:44:01 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\Product Key Explorer.lnk
[2010/03/29 22:22:39 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\3546C0F868.dll
[2010/03/29 22:22:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Product Key Finder-Pro version.lnk
[2010/03/29 11:46:30 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\ronc\My Documents\cc_20100329_114623.reg
[2010/03/28 12:50:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\dds.scr
[2010/03/28 12:22:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ronc\defogger_reenable
[2010/03/25 22:39:11 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/03/25 22:16:00 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/03/24 23:10:02 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/03/24 16:49:47 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/03/24 16:49:41 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/03/23 19:57:07 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/21 15:18:25 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\Blocklist Manager.lnk
[2010/03/17 15:58:27 | 000,020,838 | ---- | C] () -- C:\Documents and Settings\ronc\My Documents\cc_20100317_155824.reg
[2010/03/16 20:45:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\Diagnose & Fix.lnk
[2010/03/16 20:45:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\ScanSpyware.lnk
[2010/03/16 17:21:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\ronc\Desktop\Scan Spyware.lnk
[2010/03/16 16:28:31 | 000,000,801 | ---- | C] () -- C:\WINDOWS\ScanSpyware.INI
[2010/03/10 18:07:40 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/08 21:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/08 21:28:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/02/24 11:18:32 | 000,022,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2010/02/03 17:17:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2010/01/26 18:29:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\hrwd8.dll
[2010/01/26 18:25:26 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\winwmbcay.dll
[2010/01/26 18:25:26 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winint.dll
[2010/01/20 21:18:29 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\mp3codec32win.dll
[2010/01/20 20:35:17 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\lp3codec32win.dll
[2010/01/06 22:34:58 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\llbiirc.dll
[2009/12/28 17:51:55 | 000,006,110 | ---- | C] () -- C:\Documents and Settings\ronc\folderNew.jpg
[2009/12/14 07:35:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/11/08 21:42:58 | 000,047,620 | ---- | C] () -- C:\Documents and Settings\ronc\Cover.jpg
[2009/09/10 06:10:50 | 000,008,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\PEG.sys
[2009/08/28 22:58:34 | 021,097,984 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\install_virtualdj_pro_v6.0.2.exe
[2009/08/17 03:09:22 | 000,344,064 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\setup.exe
[2009/07/07 02:49:38 | 003,420,193 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\Black Eyed Peas - I Gotta Feeling.zip
[2009/06/16 21:21:29 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/06/08 22:25:56 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/06/08 17:06:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Systems.ini
[2009/04/26 15:47:33 | 000,000,093 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2009/04/20 21:53:57 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/19 21:30:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/02/14 21:18:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/19 10:15:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/01 18:16:03 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/09/08 22:39:21 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FinalUninstall.ini
[2008/09/06 16:09:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/06 16:09:24 | 000,026,936 | ---- | C] () -- C:\WINDOWS\System32\dtijaj.dll
[2008/08/30 12:18:16 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/08/09 16:35:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/08/09 16:35:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/08/09 16:35:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/07/26 15:26:20 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\ronc\GoToAssistDownloadHelper.exe
[2008/06/22 20:31:04 | 000,006,110 | ---- | C] () -- C:\Documents and Settings\ronc\folder.jpg
[2008/04/16 18:31:29 | 000,186,830 | ---- | C] () -- C:\Documents and Settings\ronc\AdobeCS3Clean.log
[2008/04/11 16:57:25 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\ronc\Adobe Encore DVD_VUI.pref
[2008/03/31 21:16:23 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2008/02/10 20:20:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008/01/15 19:53:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\ronc\Application Data\.C18A67926659B183.sys
[2008/01/12 13:52:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\ronc\Application Data\.C18A6792EEEA39DE.sys
[2007/12/19 19:48:58 | 000,036,240 | ---- | C] () -- C:\Documents and Settings\ronc\Graduation Day.jpg
[2007/12/18 22:02:47 | 000,000,496 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2007/12/18 21:47:46 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\ronc\MXCDR.ini
[2007/12/18 21:46:58 | 000,000,046 | ---- | C] () -- C:\WINDOWS\MXCDR.INI
[2007/12/17 21:52:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2007/12/17 17:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2007/12/17 17:40:20 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/12/17 17:38:57 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007/12/17 17:38:26 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/12/06 22:48:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv32_16.ini
[2007/12/04 22:27:48 | 000,000,287 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2007/09/19 20:38:07 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\ronc\mode.status
[2007/07/29 18:10:00 | 000,007,123 | ---- | C] () -- C:\Documents and Settings\ronc\Ain't No Sunshine.jpg
[2007/06/26 20:12:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/26 20:12:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/19 14:25:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007/06/07 17:12:31 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/02/25 20:27:35 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/02/25 20:27:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/02/20 22:57:07 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2006/11/07 21:00:59 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/03 14:33:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/20 20:38:48 | 000,007,722 | ---- | C] () -- C:\Documents and Settings\ronc\UserCustomPreset_Adobe Premiere Elements 2.0.vpr
[2006/09/05 22:47:43 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\ronc\AxxO
[2006/08/19 12:41:14 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\00000D38_VTS_1.IFO
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/09 09:07:58 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\000000C4_VTS_1.IFO
[2006/07/12 04:22:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/12 04:11:08 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/15 18:21:29 | 000,105,003 | ---- | C] () -- C:\Documents and Settings\ronc\pwconns.log
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/05/22 16:59:09 | 000,000,474 | ---- | C] () -- C:\WINDOWS\AudioDVD.INI
[2006/05/14 20:23:09 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/04/27 10:24:24 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2006/04/18 19:51:16 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\ronc\Application Data\000002D0_VTS_1.IFO
[2006/04/01 22:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/02/21 23:01:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/31 21:09:49 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8D11BC3992.sys
[2005/12/04 12:43:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/04 12:43:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/04 20:11:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2005/09/19 17:03:10 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/09/19 17:03:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/09/19 17:03:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/09/19 17:03:09 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/08/11 15:19:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/08/07 19:45:09 | 000,000,124 | ---- | C] () -- C:\WINDOWS\transcode.INI
[2005/07/26 21:04:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/06/04 20:46:21 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\ronc\default.pls
[2005/05/25 21:27:35 | 000,000,245 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2005/04/27 21:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 21:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/27 19:52:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\newsticker.ini
[2005/04/24 21:22:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/29 21:13:22 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/01/14 18:07:35 | 000,000,105 | ---- | C] () -- C:\WINDOWS\cgfullsa.ini
[2005/01/13 09:36:03 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2005/01/13 09:36:03 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2004/11/18 21:12:11 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\ronc\Local Settings\Application Data\fusioncache.dat
[2004/11/14 20:52:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ronc\Local Settings\Application Data\imageCache7.db
[2004/10/26 15:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/07 21:45:11 | 000,001,144 | ---- | C] () -- C:\WINDOWS\TrayServerData.ini
[2004/10/07 21:30:53 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2004/10/07 21:29:50 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2004/09/10 13:40:38 | 000,005,970 | ---- | C] () -- C:\Program Files\eula.txt
[2004/01/27 21:55:26 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2004/01/27 21:55:26 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2004/01/27 21:55:26 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2004/01/27 21:55:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/15 20:40:58 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\ronc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/03 20:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2003/12/03 20:52:12 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2003/12/03 20:52:12 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2003/11/05 22:03:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FP_WMP.INI
[2003/10/19 15:51:45 | 000,000,105 | ---- | C] () -- C:\WINDOWS\pd1util.INI
[2003/10/18 13:33:37 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/10/16 21:06:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2003/09/28 19:05:41 | 000,002,541 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/07/11 17:14:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/05/27 18:46:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
[2003/05/22 00:50:38 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/04/22 09:18:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2003/04/07 19:59:36 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2003/04/06 11:40:27 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EpsC40UX.ini
[2003/01/30 19:07:21 | 000,073,772 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/01/27 21:28:34 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/01/24 21:52:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libOggFLAC++.dll
[2003/01/24 21:52:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\libOggFLAC.dll
[2003/01/24 21:52:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
[2003/01/24 21:52:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2003/01/22 23:38:40 | 000,000,157 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2003/01/10 14:34:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Wavlbsys.dll
[2003/01/10 14:33:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2003/01/09 10:24:27 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/08 15:28:23 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\ronc\NTUSER.dat.LOG
[2003/01/08 15:28:23 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\ronc\ntuser.ini
[2003/01/03 18:22:13 | 000,901,120 | R--- | C] () -- C:\WINDOWS\System32\nvrsao.dll
[2002/12/31 10:07:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2002/12/31 10:06:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/12/31 10:05:21 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/12/31 09:41:10 | 000,002,697 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2002/12/31 09:41:09 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\WINDOWS\System32\evgainit.sys
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2000/12/13 19:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe
[1995/03/13 21:22:21 | 000,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2009/05/13 11:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GPSoftware
[2009/05/28 17:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2008/08/14 18:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
[2010/01/28 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/06 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMSB
[2008/05/31 15:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/07/30 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/21 20:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/01 21:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/02/08 15:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Data
[2010/03/30 16:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/11/19 21:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2006/05/22 18:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Goland
[2009/10/30 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IndigoRose
[2009/06/18 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/04/13 16:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/04/13 16:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/03/23 21:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intermedia Design
[2010/01/06 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intermedia Software
[2010/04/01 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/10/23 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/11/28 17:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/11/28 21:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/06/14 22:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2006/09/24 21:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/01/28 21:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/06/30 20:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/05/31 15:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/04/23 18:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/14 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rapidshare Search Tool
[2008/04/08 21:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/03/08 21:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/07/12 15:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G3
[2006/06/30 20:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/12/17 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/03/23 20:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/26 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/03/26 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/05 17:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2005/03/19 13:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/25 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Voxengo
[2010/03/30 16:26:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/10/26 17:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/02 11:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/17 10:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/01/10 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\J River
[2008/12/29 22:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\.LH-ABC
[2006/01/07 12:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\1ClickDVDCopy
[2009/01/11 17:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Ableton
[2008/10/09 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AD ON Multimedia
[2004/10/06 18:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Aladdin Systems
[2008/05/31 16:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Autodesk
[2009/04/25 10:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AVSMedia
[2005/05/18 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Axialis
[2009/03/20 11:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Azureus
[2009/06/04 21:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\BitSpirit
[2009/03/24 22:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Broad Intelligence
[2008/12/01 21:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Cakewalk
[2010/02/09 10:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2010/01/21 10:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Conversations Network
[2007/04/18 19:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\CopyToDvd
[2010/03/24 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\cspa
[2006/03/20 21:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Cuttermaran
[2004/12/05 18:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ExplorerPlus
[2009/01/27 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Feedreader
[2005/03/22 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\FileMaker
[2010/02/19 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\foobar2000
[2005/07/21 19:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\GlarySoft
[2006/05/02 07:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\GPSoftware
[2009/10/30 17:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\IndigoRose
[2009/03/23 21:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Intermedia Design
[2010/01/06 18:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Intermedia Software
[2009/03/19 21:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\iolo
[2010/03/01 23:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\iZotope
[2010/02/21 16:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\J River
[2004/01/29 17:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Kontiki
[2004/08/09 15:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Leadertech
[2009/06/27 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\LimeWire
[2009/01/25 19:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Music Label
[2006/05/21 19:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\NetMedia Providers
[2008/12/23 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\OpenOffice.org
[2005/05/23 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Opera
[2009/06/30 20:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PACE Anti-Piracy
[2009/12/03 18:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Panda Security
[2006/05/16 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PC Magazine Utilities
[2005/07/11 19:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Pegasys Inc
[2004/11/10 22:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PopupCop
[2007/08/08 08:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Publish Providers
[2009/12/17 22:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\REAPER
[2005/09/21 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\River Past G3
[2007/11/19 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\RssBandit
[2008/04/08 21:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\RTPlayer
[2010/03/16 20:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ScanSpyware
[2005/09/02 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Simple Star
[2005/04/28 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Snapfish
[2008/12/17 22:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Songbird2
[2008/11/28 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Sony
[2009/02/16 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Steinberg
[2007/11/12 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Supreme Auction
[2010/01/05 21:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Thinstall
[2010/03/30 16:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Uniblue
[2010/04/07 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\uTorrent
[2010/01/09 17:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\VitySoft
[2010/01/25 18:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Voxengo
[2006/01/18 22:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\VSO_HWE
[2007/10/13 11:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Waves Audio
[2009/05/12 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\WinFF
[2009/12/05 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\wsInspector
[2003/08/17 16:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc.COMPUTECH\Application Data\Kazaa Lite
[2003/04/21 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc.COMPUTECH\Application Data\NetMedia Providers
[2004/01/01 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc.COMPUTECH\Application Data\PopupCop
[2003/04/21 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc.COMPUTECH\Application Data\Publish Providers
[2010/03/30 17:54:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\PC Medkit.job
[2010/04/07 17:00:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/04/07 09:11:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010/03/08 21:28:40 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/04/07 17:01:00 | 000,032,422 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/04/07 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 15:14:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/04/05 15:14:30 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2008/04/05 17:51:56 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job
[2010/04/07 19:41:18 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B8215452-FB01-444F-B86F-2AFAA437DB8D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/03/10 18:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/05/23 18:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2005/09/08 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010/01/28 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/06 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMSB
[2009/02/14 21:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/06 11:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/05/31 15:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/12/16 21:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2009/04/22 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/07/30 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/21 20:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/01 21:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/12/09 10:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2005/04/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/02/08 15:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Data
[2010/03/30 16:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/03/21 21:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2007/11/19 21:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/08 17:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/05/07 19:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnetBAK
[2006/05/22 18:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Goland
[2008/01/21 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/01 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2009/10/30 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IndigoRose
[2009/06/18 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/04/13 16:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/04/13 16:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2006/11/07 20:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/23 21:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intermedia Design
[2010/01/06 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intermedia Software
[2010/04/01 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/10/23 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2006/04/09 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2008/11/28 17:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/11/28 21:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/09/07 19:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/14 22:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2010/03/30 16:50:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/16 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/09/24 21:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2003/03/20 10:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/10/26 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/26 17:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/16 23:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/01/28 21:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/06/30 20:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/05/31 15:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/04/23 18:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/30 09:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2003/12/25 22:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/03/14 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rapidshare Search Tool
[2008/04/08 21:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2005/04/28 17:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2010/03/08 21:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/07/12 15:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G3
[2006/06/30 20:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/12/17 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/03/23 20:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/26 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/03/17 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/14 19:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/26 19:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/03/26 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/05 17:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2005/03/19 13:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/25 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Voxengo
[2008/11/30 16:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2007/12/30 21:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2008/05/05 18:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/28 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\_comodo_
[2010/03/30 16:26:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/10/26 17:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/02 11:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/07/05 20:23:06 | 002,653,048 | ---- | M] (Uniblue Systems Ltd. ) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
[2008/10/08 22:51:17 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3E39C89\2FB6E586\DriverScannerApi.exe
[2008/11/14 06:32:18 | 000,212,992 | ---- | M] (Uniblue Systems) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\5C40AA7E\8F9F9DCD\DriverScanner.exe
[2008/08/27 05:45:58 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\CD77AC88\3DFD6AB6\DriverScannerApi.exe
[2009/02/04 13:56:16 | 000,086,376 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}\x64\DifXInstall64.exe
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}\x86\DifXInstall32.exe
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2007/09/11 00:40:02 | 001,581,056 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\6.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe
[2007/09/11 00:40:38 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\6.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe
[2009/06/06 11:13:21 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
[2009/06/23 12:47:50 | 000,478,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IndigoRose\AutoPlay Media Studio\7.0\Update.exe
[2006/11/21 11:17:26 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\SamplitudeMusicStudio14Downloadversion\MagixRestart.exe
[2006/02/27 11:43:58 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\SamplitudeMusicStudio14Downloadversion\Validation.exe
[2006/02/27 11:43:58 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MAGIX\SamplitudeMusicStudio14Downloadversion\Default\Validation.exe
[2010/01/08 14:06:31 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2007/12/19 18:33:36 | 000,155,648 | ---- | M] (RapidSolution Software) -- C:\Documents and Settings\All Users\Application Data\RapidSolution\Radiotracker4\RSAutoTag.exe

< %APPDATA%\*. >
[2008/12/29 22:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\.LH-ABC
[2006/01/07 12:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\1ClickDVDCopy
[2009/01/11 17:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Ableton
[2008/11/20 13:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AccurateRip
[2008/10/09 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AD ON Multimedia
[2010/02/21 16:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Adobe
[2005/04/10 20:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AdobeAUM
[2008/05/28 08:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AdobeUM
[2005/09/26 18:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Ahead
[2004/10/06 18:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Aladdin Systems
[2009/02/14 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Apple Computer
[2008/05/31 16:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ATI
[2008/05/31 16:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Autodesk
[2009/04/25 10:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\AVSMedia
[2005/05/18 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Axialis
[2009/03/20 11:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Azureus
[2009/06/04 21:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\BitSpirit
[2009/03/24 22:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Broad Intelligence
[2008/12/01 21:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Cakewalk
[2010/02/09 10:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2009/10/29 19:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Comodo
[2010/04/06 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ComodoGroup
[2010/01/21 10:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Conversations Network
[2007/04/18 19:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\CopyToDvd
[2007/02/25 20:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Creative
[2010/03/24 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\cspa
[2006/03/20 21:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Cuttermaran
[2005/04/07 14:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\CyberLink
[2006/10/18 18:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\DivX
[2005/04/25 18:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\DVD Shrink
[2005/04/25 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\DVD Shrink 3.0
[2007/03/21 22:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\dvdcss
[2004/12/05 18:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ExplorerPlus
[2009/01/27 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Feedreader
[2005/03/22 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\FileMaker
[2010/02/19 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\foobar2000
[2005/07/21 19:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\GlarySoft
[2006/05/02 07:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\GPSoftware
[2004/01/09 20:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Help
[2004/01/21 19:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Hewlett-Packard
[2003/01/08 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Identities
[2009/10/30 17:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\IndigoRose
[2009/02/14 21:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\InstallShield
[2009/03/23 21:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Intermedia Design
[2010/01/06 18:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Intermedia Software
[2009/03/19 21:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\iolo
[2010/03/01 23:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\iZotope
[2010/02/21 16:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\J River
[2004/01/29 17:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Kontiki
[2004/08/09 15:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Leadertech
[2009/06/27 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\LimeWire
[2007/06/06 16:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Macromedia
[2008/09/07 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Malwarebytes
[2008/04/10 16:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Media Player Classic
[2010/02/23 21:34:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\ronc\Application Data\Microsoft
[2005/06/06 19:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Microsoft Corporation
[2009/08/30 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\MixMeister Technology
[2008/12/17 22:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Mozilla
[2004/11/29 23:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\MSN6
[2009/01/25 19:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Music Label
[2006/05/21 19:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\NetMedia Providers
[2008/12/23 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\OpenOffice.org
[2005/05/23 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Opera
[2009/06/30 20:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PACE Anti-Piracy
[2009/12/03 18:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Panda Security
[2006/05/16 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PC Magazine Utilities
[2005/07/11 19:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Pegasys Inc
[2004/11/10 22:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\PopupCop
[2007/08/08 08:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Publish Providers
[2008/04/01 17:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Real
[2009/12/17 22:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\REAPER
[2005/09/21 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\River Past G3
[2005/04/17 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Roxio
[2007/11/19 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\RssBandit
[2008/04/08 21:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\RTPlayer
[2010/03/16 20:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\ScanSpyware
[2005/09/02 20:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Simple Star
[2005/04/28 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Snapfish
[2008/12/17 22:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Songbird2
[2008/10/09 19:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Sonic
[2006/05/21 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Sonic Foundry
[2008/11/28 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Sony
[2009/02/16 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Steinberg
[2005/09/07 18:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Sun
[2009/05/08 14:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\SUPERAntiSpyware.com
[2007/11/12 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Supreme Auction
[2004/01/13 20:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Syntrillium
[2010/01/05 21:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Thinstall
[2010/03/23 19:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\U3
[2010/03/30 16:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Uniblue
[2010/04/07 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\uTorrent
[2010/01/09 17:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\VitySoft
[2010/03/30 16:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\vlc
[2010/01/25 18:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Voxengo
[2006/01/18 22:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\VSO_HWE
[2007/10/13 11:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Waves Audio
[2008/11/30 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\Webroot
[2009/05/12 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\WinFF
[2008/09/07 22:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\WinRAR
[2009/12/05 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ronc\Application Data\wsInspector

< %APPDATA%\*.exe /s >
[2009/08/28 22:58:34 | 021,097,984 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\install_virtualdj_pro_v6.0.2.exe
[2009/08/17 03:09:22 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\setup.exe
[2008/05/27 21:57:46 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\ronc\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2007/12/24 16:55:10 | 005,456,862 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Azureus\plugins\azemp\azmplay.exe
[2004/07/14 11:47:46 | 001,019,904 | ---- | M] (Easeweb) -- C:\Documents and Settings\ronc\Application Data\Macromedia\Flash MX\Configuration\Importers\Swift3DImporterReadme.exe
[2009/11/17 20:52:35 | 000,038,208 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/10/18 15:17:46 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2008/01/15 20:23:49 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\ARPPRODUCTICON.exe
[2008/01/15 20:23:49 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
[2009/03/28 15:13:17 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
[2009/03/28 15:13:17 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
[2009/03/28 15:13:17 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
[2009/03/28 15:13:17 | 000,001,406 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
[2009/03/28 15:13:17 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
[2006/06/04 18:47:09 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{32E1665E-D348-4B4B-A073-3D58C75E31FF}\ARPPRODUCTICON.exe
[2006/06/04 18:47:09 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{32E1665E-D348-4B4B-A073-3D58C75E31FF}\NewShortcut1_32E1665ED3484B4BA0733D58C75E31FF.exe
[2009/01/19 10:29:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
[2008/10/14 17:17:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}\_564C167B3FB5B84C460548.exe
[2008/10/14 17:17:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}\_5AC44D43700A2BB59D72B7.exe
[2008/10/14 17:17:32 | 000,003,310 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}\_644FDC7D11294AFDAA286D.exe
[2008/10/14 17:17:32 | 000,003,310 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}\_6FEFF9B68218417F98F549.exe
[2008/10/14 17:17:32 | 000,003,310 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}\_ABD259BD81C46F05E63DCC.exe
[2006/02/21 08:37:58 | 000,174,246 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{78EFA95D-3310-4035-815B-A46BA4D0C6FA}\_6FEFF9B68218417F98F549.exe
[2006/02/21 08:37:58 | 000,174,246 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{78EFA95D-3310-4035-815B-A46BA4D0C6FA}\_CC01BC1781773B8F1DA159.exe
[2006/03/20 21:43:51 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{7A7ACDE8-21FA-4CDF-ADA1-0D8D74F4E199}\_16496df1.exe
[2006/03/20 21:43:51 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{7A7ACDE8-21FA-4CDF-ADA1-0D8D74F4E199}\_26e91eb.exe
[2006/03/20 21:43:51 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{7A7ACDE8-21FA-4CDF-ADA1-0D8D74F4E199}\_5af141bb.exe
[2006/03/20 21:43:51 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{7A7ACDE8-21FA-4CDF-ADA1-0D8D74F4E199}\_69525f90.exe
[2009/11/29 12:47:52 | 000,067,646 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{913F9C2B-D1DD-4877-ABA2-0FB75FAE477C}\33.exe
[2005/07/31 20:04:14 | 000,013,518 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{998B0DBF-BBE7-4F62-982B-64ACA8A7E174}\_124305e.exe
[2005/07/31 20:04:14 | 000,013,518 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{998B0DBF-BBE7-4F62-982B-64ACA8A7E174}\_154754de.exe
[2005/07/31 20:04:14 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{998B0DBF-BBE7-4F62-982B-64ACA8A7E174}\_440d491c.exe
[2005/07/31 20:04:14 | 000,013,518 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{998B0DBF-BBE7-4F62-982B-64ACA8A7E174}\_4d064db7.exe
[2005/10/04 19:46:55 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{ABB111BA-EBA0-4E05-BA73-FE6B54A43B15}\ARPPRODUCTICON.exe
[2005/10/04 19:46:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{ABB111BA-EBA0-4E05-BA73-FE6B54A43B15}\NewShortcut1_76A37B3B8CFD4D6C9C5E5A4881E45629.exe
[2005/10/04 19:46:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{ABB111BA-EBA0-4E05-BA73-FE6B54A43B15}\NewShortcut2_76A37B3B8CFD4D6C9C5E5A4881E45629.exe
[2005/10/04 19:46:55 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{ABB111BA-EBA0-4E05-BA73-FE6B54A43B15}\NewShortcut3_76A37B3B8CFD4D6C9C5E5A4881E45629.exe
[2009/12/29 22:58:18 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
[2009/08/30 21:59:05 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\ronc\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
[2008/03/29 10:11:39 | 000,054,816 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Real\Update\setup\schedule.exe
[2008/03/29 10:11:39 | 000,353,840 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\ronc\Application Data\Real\Update\setup\setup.exe
[1998/10/29 17:45:06 | 000,306,688 | ---- | M] (InstallShield Software Corporation) --
[2002/09/26 18:34:26 | 000,153,088 | ---- | M] () --
[2002/09/26 18:34:26 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\%SystemSystem%\IWUninstall.exe
[2004/08/03 22:49:32 | 000,092,224 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\%SystemSystem%\KRNL386.EXE
[2009/02/05 18:42:42 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\300000003400002i\dwwin.exe
[2009/02/05 18:42:41 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\4000002b00002i\IWUNINSTALL.EXE
[2009/02/04 20:26:37 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\40000048600002i\WaveLab-app.exe
[2009/02/05 18:39:59 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\Thinstall\Steinberg WaveLab 5.01b\f000000a700003i\ntvdm.exe
[2006/05/23 18:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\U3\0B008B6170D269E8\cleanup.exe
[2006/07/16 20:07:20 | 002,600,960 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\U3\0B008B6170D269E8\Launchpad.exe
[2006/01/29 19:19:36 | 000,438,272 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\U3\0B008B6170D269E8\F341CFFF-7836-4016-A7D6-E203E64100C7\Exec\U3LolaHostConfig.exe
[2006/01/24 15:16:32 | 003,368,413 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\U3\0B008B6170D269E8\F341CFFF-7836-4016-A7D6-E203E64100C7\Exec\u3_demo.exe
[2006/05/23 19:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\ronc\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >
[2007/12/02 18:39:48 | 000,140,648 | ---- | M] (Microsoft Corporation) -- C:\307545.exe
[2006/10/25 19:09:04 | 000,758,352 | ---- | M] (COMODO) -- C:\fwconfig.exe


< MD5 for: AGP440.SYS >
[2008/08/14 17:49:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/14 17:49:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/08/14 17:49:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/14 17:49:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/08/14 01:00:00 | 000,093,594 | ---- | M] (Intel Corporation) MD5=E1B24E6478AB2E5E09C21D2028E2F208 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\idechndr.sys
[2002/08/14 01:00:00 | 000,093,594 | ---- | M] (Intel Corporation) MD5=E1B24E6478AB2E5E09C21D2028E2F208 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 984 bytes -> C:\Documents and Settings\ronc\Local Settings\Application Data\LK6P12syT:1BVtvONfN8hofODSpWgqt
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 943 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kzAlxO8OFnwEuElUwC
@Alternate Data Stream - 938 bytes -> C:\Program Files\Outlook Express:NudDvD3PVXqxeA665lykm
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1749E567
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 1157 bytes -> C:\Documents and Settings\ronc\Cookies:o04vvBscf2zn0s2a
@Alternate Data Stream - 1152 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v7kMhujqQiS34c76XHhjk
@Alternate Data Stream - 1137 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8mY2YtWonSTzjWbbBWyvuDqKCEl
@Alternate Data Stream - 1085 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QFDi97sUfQLbqsEkTH
@Alternate Data Stream - 1067 bytes -> C:\Program Files\Outlook Express:IMMubQuZn111x1UJQ3LWnVY5
@Alternate Data Stream - 1018 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Gt3dKm652dY2A1kpKJnfidvgMq
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBC2DB92
< End of report >

OTL Extras logfile created on: 4/7/2010 7:35:54 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.51 Gb Total Space | 4.70 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 544.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 465.75 Gb Total Space | 301.85 Gb Free Space | 64.81% Space Free | Partition Type: NTFS

Computer Name: DRMP3HOME
Current User Name: ronc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [ExplorerPlus FastFind...] -- C:\Program Files\Novatix\ExplorerPlus\NXFind.exe /PATH:%1 (Novatix Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" ()
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OtsMedia.Surf] -- Reg Error: Key error.
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6889:TCP" = 6889:TCP:*:Enabled:6889
"49152:TCP" = 49152:TCP:*:Enabled:BitComet 49152 TCP
"49152:UDP" = 49152:UDP:*:Enabled:BitComet 49152 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electric Rain\Swift 3D\Version 4.00\Program\Swift3D.exe" = C:\Program Files\Electric Rain\Swift 3D\Version 4.00\Program\Swift3D.exe:*:Enabled:Swift 3D -- (Electric Rain, Inc.)
"C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe" = C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe:*:Enabled:WebServer -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\RssBandit\RSSBandit.exe" = C:\Program Files\RssBandit\RSSBandit.exe:*:Enabled:RSS Bandit -- ( )
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"\\STREAMER\STREAMER (F)\GoodPrograms\Exeem\eXeem BETA 0.25\client.dll" = \\STREAMER\STREAMER (F)\GoodPrograms\Exeem\eXeem BETA 0.25\client.dll:*:Disabled:client.dll
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"[|" = [|:*:Enabled:Windows Service Processor
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" = C:\Program Files\Alwil Software\Avast5\AvastUI.exe:*:Enabled:avast! Free Antivirus -- (ALWIL Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{02383859-C71C-4AE0-80C9-12552ADA6B1E}" = Adobe Setup
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07195ED5-FDB4-4048-A775-6B2B16F07CE5}" = USBCV13
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{169F8893-C1C5-4847-972C-EA1E008112AC}" =
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}" = BassStation
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236FADD8-58FD-11D6-A285-00A0CC51B2FE}" =
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A0E8EB8-85C9-461A-B0C1-0DB7C21FA89A}" = SonicStage Simple Burner 1.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D314071-26CD-47EA-A01E-82FADDE951C5}" = LiquidInstrument Standalone 1.1
"{2D57FB4E-6277-4A6D-8739-304C38051B89}" = Jitbit Macro Recorder LITE
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{32E1665E-D348-4B4B-A073-3D58C75E31FF}" = Drive Speed Checker
"{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}" = Sonic DVDit Pro
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4218F0E1-CBAF-4D68-B6FE-B3504770829F}" = AutoStreamer
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{435E969D-867E-4364-8E74-3DC8A69C5BDB}" =
"{43CF15E8-E3CF-4BCF-8AAC-19162268276A}_3.9.1.9_is1" = ScanSpyware 3.9.1.9
"{43ED196F-AAC3-4981-A7E9-4423DD55FD77}_is1" = DAudioK 0.1.9 beta
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{476E9A2B-7A33-4634-9B39-815B7C376F8E}" = Avid DIO Runtime
"{487E76B4-8A45-4C2E-B20A-218D33A8EA7D}_is1" = DivxToDVD 1.99.23
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{51F370EF-5952-4F03-A77A-4910A8D0FB07}" = Windows Media Player 9 Series Add-in for Microsoft FrontPage
"{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}" =
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1" = DVD Rebuilder
"{5933921D-4253-40B6-B4D9-B7D680F1B6EC}" =
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{62369F2F77534556AEF4C58152E3BDE5}" = Dr.DivX
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{684DB7F3-62AF-4FAF-BF8D-1CB50D021F70}" = DC7
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{6DDB8CC8-3F13-4E72-8203-51AA081E7DE0}" = MixMeister Fusion Demo
"{6E5C9B5E-8AB6-4D49-9DF7-1A48B29BB9E1}" = Windows Resource Kit Tools - DelProf.exe
"{6EC5D2BB-C70D-4A1E-9E0E-384568CA5E97}" = Intel® PRO Intelligent Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{729518C0-BF90-4653-B1A2-CD0193D14CE6}}_is1" = Helium Music Manager 7 (build 7847)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}" =
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.2
"{7A7ACDE8-21FA-4CDF-ADA1-0D8D74F4E199}" = Cuttermaran 1.66
"{7A900EAB-DA37-4554-AF19-9C337476D05D}" =
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}" =
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{913F9C2B-D1DD-4877-ABA2-0FB75FAE477C}" = PE GUARD V1.1
"{9154ED7C-926E-49CC-B677-0CF3C5267457}" =
"{92F027CB-BDF9-4047-A654-13A050908158}" = ElastikVst
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{998B0DBF-BBE7-4F62-982B-64ACA8A7E174}" = RssBandit
"{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}" =
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1185190-514F-11D6-A285-00A0CC51B2FE}" =
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2453C21-B185-437A-933D-EAFC19D0E2D2}" = LiquidInstrumentVst 1.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA439D62-71BA-4BAA-A46E-C453801A6D4D}_is1" = Encoders for Helium Music Manager
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{ABB111BA-EBA0-4E05-BA73-FE6B54A43B15}" = CDMenuPro V5
"{AC157741-3285-4D6A-B934-9174587A3493}" =
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}" =
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF2FA20-6886-483C-8CC6-3310A1A636E5}" = ElastikVst
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3EA2B9-9C44-45C1-9B8A-D82CA5A04C3D}" = avi.NET
"{BEB3AD23-250E-4BD2-BBC9-27D4BB42DE07}" = COMODO System - Cleaner
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1976CB8-C1B7-4E5A-B66D-3C355520303C}" = LiquidInstrumentVst 1.1
"{C34E19B2-F4D4-4C1F-A565-BA92627178D8}" = Sony Media Manager 2.0
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C48B121E-9175-4D1F-90DA-BCBA928E5187}" = Radiotracker
"{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}" =
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C9BB0122-EB81-4C55-AF0E-39B9925E08CF}}_is1" = Helium Music Manager 2009 (build 6910)
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7F8FF50-EEED-4F79-BE51-ADA945AA17ED}" = AutoPlay Media Studio 7.5
"{DCBE96DF-822C-401C-8DD2-0F3539637ADE}" = Microsoft ASP.NET Web Matrix
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector for Windows
"{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}" =
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E39DF79E-B969-47E2-BB64-071A68871C6F}" = MixMeister Pro 6
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration
"{EC0D1AE6-BFF2-4095-9802-789CAFA433F4}" = StuffIt Deluxe
"{ECB74828-944D-473A-BF6E-FBF596166815}" = Sony PSP Media Manager 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE4E4A40-0296-4CB0-AD59-62FDB96E00B0}_is1" = Encoders for Helium Music Manager 2008
"{EE6699B3-E5AD-4E59-8F2B-207DF630670C}" =
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}" =
"{FD851F7E-F887-405D-9E1C-488811113EF3}" =
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"AC3ACM" = AC-3 ACM Codec
"AC3Filter" = AC3Filter (remove only)
"Active Disk" = Active Disk
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Encore DVD 2.0" = Adobe Encore DVD 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5a2cf0498f0f8a9d712b9c8926ae172" = Adobe Soundbooth CS4
"Advanced Crossfading" = Advanced Crossfading 1.7.6.1180
"All ATI Software" = ATI - Software Uninstall Utility
"AnalogX DXMan" = AnalogX DXMan
"Antares Tube v1.0" = Antares Tube v1.0
"AOpen Multimedia Utilities" = AOpen Multimedia Utilities
"ASAPI Update" = ASAPI Update
"ASIO4ALL" = ASIO4ALL
"AsusUpdate" = AsusUpdate
"ATI Display Driver" = ATI Display Driver
"AU9_is1" = Advanced Uninstaller PRO - Version 9
"Audio DVD Creator_is1" = Audio DVD Creator 1.9.1.0
"Audio Stream Recorder2" =
"AudioConSole" = Creative Audio Console
"AudioHQ" =
"avast5" = avast! Free Antivirus
"AVIcodec" = AVIcodec (remove only)
"AviScript 2.9 (Fullversion)_is1" = AviScript 2.9 (Fullversion)
"AviSynth" = AviSynth 2.5
"AVS VideoConverter 3.1_is1" = AVS VideoConverter 3.1.1.151
"BootLog XP_is1" = BootLog XP
"CachemanXP 1.8.0.14" = CachemanXP 1.8.0.14
"CCE SP Trial Version" = CCE SP Trial Version
"CCleaner" = CCleaner
"Cinema Craft Encoder SP v2.67.00.27 RETAIL dONGLE cRACKED" = Cinema Craft Encoder SP v2.67.00.27 RETAIL dONGLE cRACKED
"Clean 5" = Clean 5
"CloneDVD.exe_is1" = CloneDVD 3.6
"Comodo HopSurf Toolbar" = Comodo HopSurf
"COMODO Internet Security" = COMODO Internet Security
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Creative MediaSource" =
"Creative MiniDisc Center" =
"Creative Restore Defaults" =
"Creative WaveStudio" =
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DeClicker" = Steinberg DeClicker v1.21
"Diagnostics_Audigy2" =
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DMM" = TDK Digital MixMaster
"Driver Magician_is1" = Driver Magician 3.22
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DuhikiToolbar" = Duhiki Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD slideshow GUI_is1" = DVD slideshow GUI 0.84
"DVD-lab PRO 2.0_is1" = DVD-lab PRO 2.0
"DVD-lab PRO_is1" = DVD-lab PRO 1.53
"EAX" =
"Elecard Codec SDK G4 1.0.1.80507 Eval" = Elecard Codec SDK G4 Eval
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"ffdshow_is1" = ffdshow [rev 1405] [2007-08-04]
"Filetopia Client v3.04d" = Filetopia Client v3.04d
"FixTunes" = FixTunes (remove only)
"FLAC" = FLAC 1.1.0 (remove only)
"Flash-SWF to AVI GIF Converter_is1" = Flash-SWF to AVI GIF Converter v1.412 (Release date: 05-11-18)
"foobar2000" = foobar2000 v0.9.6.8
"Google Chrome" = Google Chrome
"GSpot" = GSpot Codec Information Appliance
"Har-Bal Equalization System v2.3" = Har-Bal Equalization System v2.3
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HP OfficeJet-PSC Scrubber" = HP OfficeJet/PSC Scrubber
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IL Download Manager" = IL Download Manager
"ImageDrive!UninstallKey" = ImageDrive (ahead software)
"InstallShield Uninstall Information" =
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"InstallShield_{604B0B0F-68C6-440D-AA74-B69314F86ADA}" = Swift 3D Version 4.00
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Iomega App Services" = Iomega App Services
"IomegaWare" = IomegaWare
"IsoBuster_is1" = IsoBuster 1.3
"iZotope Alloy_is1" = iZotope Alloy
"iZotope Ozone 3_is1" = iZotope Ozone 3
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope RX_is1" = iZotope RX
"iZotope Trash_is1" = iZotope Trash
"LameACM" = Lame ACM MP3 Codec
"Live 7.0.3" = Live 7.0.3
"LogonStudio" = LogonStudio
"Macro Express 3" = Macro Express 3
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"MAGIX Audio Cleaning Lab 12 US" = MAGIX Audio Cleaning Lab 12 8.0.1.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mastering Edition" = Steinberg Mastering Edition v1.0
"MediaCoder Audio Edition" = MediaCoder Audio Edition 0.6.2
"MediaCoder iPhone Edition" = MediaCoder iPhone Edition
"MediaKey" = MediaKey
"MediaMonkey_is1" = MediaMonkey 3.2
"MediaSource CD-ROM Burner Component" =
"MediaSource Detector" =
"MediaSource DVD-Audio Player" =
"MediaSource Go!" =
"MediaSource Nomad Jukebox 3 Component" =
"MediaSource RemoteControl Component" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"MixMeister Studio 7.2.2_is1" = MixMeister Studio 7.2.2
"mmfsetup_is1" = MixMeister Fusion 7.3.5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3Doctor PRO_is1" = Mp3Doctor PRO
"Mp3Doctor_is1" = Mp3Doctor 5.11.057
"Mp3Gain PRO_is1" = Mp3Gain PRO
"MPEG Video Wizard" = MPEG Video Wizard
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Music NFO Builder_is1" = Music NFO Builder v1.20
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MVApplication1" = SureThing CD Labeler Deluxe 4
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"Noise Reduction Plug-In 2.0" = Sonic Foundry Noise Reduction Plug-In 2.0a
"Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
"NVIDIA WDM Drivers" = AOpen WDM Capture Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-07-01
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-01-31-01
"OrangeVocoder" = OrangeVocoder
"Orb" = Orb
"PCDJ FX VRM" = PCDJ FX VRM
"PCHealth" =
"PopUpCop" = PopUpCop
"PowerISO" = PowerISO
"ProcessLibrary.com Quick Access_is1" = Uniblue Quick Access
"Product Key Explorer_is1" = Product Key Explorer 2.3
"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6
"PROSet" = Intel® Network Connections Drivers
"PSP Video 9" = PSP Video 9 1.74
"PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d
"PSPMovieCreator" = PSP Movie Creator(remove only)
"RealPlayer 6.0" = RealPlayer
"REAPER" = REAPER
"RegCure" = RegCure 2.0.0.0
"Revo Uninstaller" = Revo Uninstaller 1.83
"Samplitude Music Studio 14 Download version US" = Samplitude Music Studio 14 Download version 14.0.2.0 (US)
"save2pc_is1" = save2pc 3.0
"SB Audigy 2 Getting Started Demo" =
"Scan Spyware_is1" = ScanSpyware v3.8.0.2
"SCDNAS" = SHOUTcast DNAS (remove only)
"Secunia PSI" = Secunia PSI
"Security Task Manager" = Security Task Manager 1.6
"SereneScene Marine Aquarium 2" = SereneScene Marine Aquarium 2
"SFBM" = SoundFont Bank Manager
"SHOUTcastDSP" = SHOUTcast Source DSP 1.8.2 (remove only)
"ShowAnalyzer_is1" = ShowAnalyzer
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Sonalksis FreeG Plug-Ins for Windows_is1" = Sonalksis FreeG Plug-Ins for Windows 1.10
"SONAR7Producer_is1" = SONAR 7 Producer Edition
"Songbird 20081124" = Songbird 1.0.0 (20081124)
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sound Blaster Audigy 2 Web Driver Windows Drivers" =
"Sound Blaster Audigy 2 Windows Drivers" =
"SPEAKER" =
"SPKR_CALIBRATOR" =
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SqrSoftACFDW" = SqrSoft Advanced Crossfading (remove only)
"S-Spline Pro" = Shortcut PhotoZoom Pro
"StartEd" = StartEd 5.3.0.2
"Steinberg Denoiser v1.51" = Steinberg Denoiser v1.51
"Steinberg Loudness Maximizer v1.20" = Steinberg Loudness Maximizer v1.20
"Steinberg MultiPlugInSetup" = Steinberg MultiPlugInSetup
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"Super Email Sender_is1" = Super Email Sender
"Super Video Splitter_is1" = Super Video Splitter 3.2
"SuperMp3Normalizer_is1" = SuperMp3Normalizer
"SURMIXER" =
"SWiSH Max2" = SWiSH Max2
"SWiSHpix" = SWiSHpix
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Tag&Rename_is1" = Tag&Rename 3.5.1
"TC Bundle" = TC Bundle v2.0
"The Blocklist Manager_is1" = BLM 2.7.7
"ThreatExpert Memory Scanner_is1" = ThreatExpert Memory Scanner 1.0
"Torrent Harvester" = Torrent Harvester
"UltilitiesForAMS" = Ultility Pack for AutoPlay Media Studio
"UltraISO_is1" = UltraISO Premium V9.0
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Update Notifier" = Update Notifier
"uTorrent" = Torrent
"Video Fixer 3.23_is1" = Video Fixer 3.23
"Vidomi" = Vidomi (remove only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Waves MaxxBass" = Waves MaxxBass
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves Native Gold Bundle v3.01" = Waves Native Gold Bundle v3.01
"Waves Renaissance Collection 2" = Waves Renaissance Collection 2
"Waves Renaissance Compressor v1.0" = Waves Renaissance Compressor v1.0
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Product Key Finder-Pro version_is1" = Windows XP Product Key Finder-Pro version 1.0.0 - software for
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zortam Mp3 Center_is1" = Zortam Mp3 Center 1.30

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-879983540-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2010 9:40:06 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/4/2010 9:40:06 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/4/2010 9:43:36 PM | Computer Name = DRMP3HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module unknown, version 0.0.0.0, fault address 0x71aa1950.

Error - 4/4/2010 10:42:45 PM | Computer Name = DRMP3HOME | Source = ESENT | ID = 485
Description = svchost (1004) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/4/2010 10:42:45 PM | Computer Name = DRMP3HOME | Source = ESENT | ID = 485
Description = svchost (1004) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/4/2010 10:42:47 PM | Computer Name = DRMP3HOME | Source = ESENT | ID = 485
Description = svchost (1004) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/4/2010 10:44:19 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/4/2010 10:44:19 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/4/2010 10:44:19 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/4/2010 10:44:19 PM | Computer Name = DRMP3HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/7/2010 10:41:15 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:41:15 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:42:07 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:52:12 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:56:14 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:56:14 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:56:14 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:56:14 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 10:56:15 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/7/2010 11:02:17 PM | Computer Name = DRMP3HOME | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


#6 extremeboy

  • Malware Response Team

Posted 07 April 2010 - 10:36 PM

Hi again Ron Cooper,

It's getting quite late here, so I'll review the logs tomorrow. From a quick look you don't appear to have posted the GMER log, please do that.

Thanks. In the meantime, it would be best if you refrain from using the computer too much.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 Ron Cooper

  • Topic Starter

Posted 08 April 2010 - 02:10 PM

Hello From Ron Cooper in Portland, OR USA


I attached ARK.txt

Thanks Again
Ron






#8 extremeboy

  • Malware Response Team

Posted 08 April 2010 - 06:23 PM

Hello.

Thanks for those logs, let's see what we can do here. Please download and run Combofix by referring to the instructions below...

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.




#9 Ron Cooper

  • Topic Starter

Posted 08 April 2010 - 07:57 PM

Hello from Ron
Followed ComboFix instructions
I already had Recovery Console working
I ran

Got the Screen " It will take 10 minutes" Started Scanning....

Got the blue Screen of death.

I had to do a restore to get it to boot
The blue screen said that a driver was stopped and started again.

Should I try it again??


Thanks
Ron



#10 Ron Cooper

  • Topic Starter

Posted 08 April 2010 - 08:53 PM

Hello From Ron

I tried it again and got the blue screen

The blue screen said "mbr.sys"

after I booted
serious error said

BCCode : ce BCP1 : F7C34838 BCP2 : 00000000 BCP3 : F7C34838
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\ronc\LOCALS~1\Temp\WERfaed.dir00\Mini040810-03.dmp
C:\DOCUME~1\ronc\LOCALS~1\Temp\WERfaed.dir00\sysdata.xml


will check back in about 1 HR
Ron


#11 Ron Cooper

  • Topic Starter

Posted 09 April 2010 - 01:04 AM

Getting Late Here in Portland.

I used msconfig and used basic startup option

combofix ran and here is the attached log.

IE started with an empty screen and then quit with the same error

closer to fixing it.

talk in the morning.

Ron



#12 extremeboy

  • Malware Response Team

Posted 09 April 2010 - 08:53 PM

Hello again,

Quite a few things we need to do here...

First...

Download and Run GooredFix

Please download GooredFix and save it to your Desktop if you lost your copy.
Alternative Download Mirror #1

Please make sure all instances of Firefox are closed at this point before proceeding.
  • Ensure all Firefox windows are closed at this time.
  • Please double-click GooredFix.exe on your Desktop to run it. If you are using Vista, please right-click and select Run as administrator.
  • When prompted to run the scan, click Yes.
  • The removal process will begin, please be patient until it finishes.
  • A log will open with the file after completion, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop called GooredFix.txt

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    CODE
    RenV::
    c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
    c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
    Driver::
    MarxDev1
    MarxDev2
    MarxDev3
    RegLock::
    [HKEY_USERS\S-1-5-21-299502267-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    RegNull::
    [HKEY_USERS\S-1-5-21-299502267-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE7AB658-0103-A24D-D89E-51D190EC3898}*]
    [HKEY_USERS\S-1-5-21-299502267-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8D54FB4-0FCE-B483-739E-C6CA5F64D6CF}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Next...

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK ONLY the following:
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries

#13 Ron Cooper

  • Topic Starter

Posted 11 April 2010 - 12:52 PM

Hello From Ron
This has been one "heck" of a weekend with these programs
ComboFix crashed many times with MBR.sys blue screen error.
I got it to run under Min Sys Boot in MsConfig.
Attached is ComboFix.txt

Gmer ran "But" it would not let me save it
Out of System Resources. In regular mode and safe mode.
maybe we can get it running when more is fixed.

Thanks Again
Waiting For your instructions

Ron

ComboFix 10-04-10.02 - ronc 04/10/2010 15:33:32.3.1 - x86
Running from: c:\documents and settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\ComboFix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MARXDEV1
-------\Legacy_MARXDEV2
-------\Legacy_MARXDEV3
-------\Service_MarxDev1
-------\Service_MarxDev2
-------\Service_MarxDev3


((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-07 04:52 . 2010-04-07 04:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-06 23:59 . 2010-04-06 23:59 -------- d-----w- c:\documents and settings\ronc\Application Data\ComodoGroup
2010-04-02 03:15 . 2009-05-29 22:40 940896 ----a-w- c:\windows\system32\Incinerator.dll
2010-04-02 03:15 . 2009-02-17 18:31 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-04-02 03:15 . 2009-02-17 18:26 8192 ----a-w- c:\windows\system32\smrgdf.exe
2010-04-02 03:15 . 2010-04-02 03:15 -------- d-----w- c:\program files\iolo
2010-03-31 00:39 . 2010-03-31 00:39 7172984 ----a-w- c:\program files\pcmedkit_setup.exe
2010-03-30 23:44 . 2007-11-29 14:38 40056 ----a-w- c:\windows\system32\NicInst.dll
2010-03-30 23:44 . 2007-12-15 04:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2010-03-30 23:44 . 2007-08-07 15:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2010-03-30 23:26 . 2010-03-30 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-30 23:25 . 2010-03-30 23:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-03-30 16:45 . 2010-03-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-30 16:43 . 2010-03-30 16:43 -------- d-----w- c:\program files\Nsasoft
2010-03-30 05:22 . 2010-03-30 05:22 -------- d-----w- c:\program files\Product Key Finder Pro
2010-03-27 18:46 . 2010-03-31 06:02 -------- d-----w- c:\program files\ACW
2010-03-27 00:16 . 2010-03-27 00:16 7668 ----a-w- c:\windows\system32\drivers\RKREVEAL150.SYS
2010-03-26 23:31 . 2010-03-26 23:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-26 06:01 . 2010-03-26 06:01 -------- d-----w- C:\spoolerlogs
2010-03-26 05:34 . 2010-03-27 04:30 -------- d-----w- c:\program files\Common Files\iTunesDetector
2010-03-26 05:15 . 2010-03-26 17:08 -------- d-----w- c:\program files\Reimage
2010-03-25 06:10 . 2010-03-25 06:10 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-24 02:57 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-24 02:57 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-24 02:57 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-24 02:57 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-24 02:57 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-24 02:57 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-24 02:57 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-24 02:56 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-24 02:56 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-23 02:42 . 2010-03-23 02:42 -------- d-----w- c:\program files\ESET
2010-03-21 22:18 . 2000-10-30 00:34 150016 ----a-w- c:\windows\system32\Unzip32.dll
2010-03-18 00:41 . 2010-03-31 21:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-17 18:44 . 2008-11-06 09:03 -------- d-----w- C:\SDFix
2010-03-17 03:45 . 2008-09-08 00:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-03-17 03:45 . 2010-03-17 03:45 -------- d-----w- c:\program files\ScanSpyware
2010-03-17 00:21 . 2010-03-23 21:39 -------- d-----w- c:\program files\ScanSpyware v3.8.0.2
2010-03-16 23:21 . 2010-03-17 03:50 -------- d-----w- c:\documents and settings\ronc\Application Data\ScanSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 22:46 . 2009-05-08 21:52 117760 ----a-w- c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-10 22:11 . 2005-10-10 04:51 -------- d-----w- c:\program files\PeerGuardian2
2010-04-09 22:36 . 2007-10-06 00:06 -------- d-----w- c:\documents and settings\ronc\Application Data\uTorrent
2010-04-07 04:52 . 2008-09-08 02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 21:17 . 2010-04-07 04:21 8530 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2010-04-02 03:15 . 2009-03-20 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-03-30 23:54 . 2008-04-04 23:03 -------- d-----w- c:\documents and settings\ronc\Application Data\Uniblue
2010-03-30 23:54 . 2007-08-12 21:55 -------- d-----w- c:\program files\Uniblue
2010-03-30 23:23 . 2005-06-22 05:02 -------- d-----w- c:\documents and settings\ronc\Application Data\vlc
2010-03-26 23:20 . 2006-11-16 05:07 -------- d-----w- c:\program files\DAP
2010-03-26 23:19 . 2008-09-07 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-26 23:04 . 2007-04-01 21:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-25 00:05 . 2009-06-01 04:43 -------- d-----w- c:\documents and settings\ronc\Application Data\cspa
2010-03-24 23:49 . 2009-05-29 16:19 -------- d-----w- c:\program files\COMODO
2010-03-24 02:28 . 2006-12-28 00:07 -------- d-----w- c:\documents and settings\ronc\Application Data\U3
2010-03-23 21:30 . 2010-01-27 01:25 -------- d-----w- c:\program files\Mp3Doctor
2010-03-21 22:18 . 2005-09-08 04:37 -------- d-----w- c:\program files\Bluetack
2010-03-17 22:56 . 2003-07-31 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 04:17 . 2002-12-31 16:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 04:11 . 2010-01-10 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Rapidshare Search Tool
2010-03-09 04:29 . 2009-04-06 01:24 -------- d-----w- c:\program files\RegCure
2010-03-09 04:28 . 2010-03-09 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-08 17:13 . 2007-10-06 00:06 -------- d-----w- c:\program files\uTorrent
2010-03-03 20:53 . 2009-11-30 03:52 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-03-03 01:27 . 2005-04-18 04:35 -------- d-----w- c:\program files\DivX
2010-03-03 01:26 . 2009-04-21 00:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-03 01:26 . 2005-02-03 03:50 -------- d-----w- c:\program files\Google
2010-03-02 06:08 . 2009-07-01 03:09 -------- d-----w- c:\documents and settings\ronc\Application Data\iZotope
2010-03-02 05:58 . 2010-03-02 05:58 -------- d-----w- c:\program files\Common Files\VST3
2010-03-02 05:58 . 2007-10-19 03:33 -------- d-----w- c:\program files\iZotope
2010-03-01 04:25 . 2010-03-01 04:25 -------- d-----w- c:\program files\Microsoft Windows Script
2010-02-24 19:07 . 2010-02-24 04:26 -------- d-----w- c:\program files\Windows Live
2010-02-24 04:30 . 2010-02-24 04:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-24 04:29 . 2010-02-17 04:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-24 04:27 . 2010-02-24 04:27 -------- d-----w- c:\program files\Microsoft
2010-02-24 04:27 . 2010-02-24 04:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-24 04:21 . 2010-02-24 04:21 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-21 23:16 . 2010-01-07 05:34 -------- d-----w- c:\program files\J River
2010-02-21 23:13 . 2010-02-21 23:13 -------- d-----w- c:\documents and settings\ronc\Application Data\J River
2010-02-20 01:39 . 2009-01-02 06:27 -------- d-----w- c:\documents and settings\ronc\Application Data\foobar2000
2010-02-18 03:54 . 2004-05-18 04:20 163568 ----a-w- c:\documents and settings\ronc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 17:04 . 2007-12-10 05:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 04:39 . 2004-12-08 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-17 04:27 . 2010-02-17 04:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-17 04:18 . 2010-02-17 04:18 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-06 20:28 . 2009-12-30 20:51 52224 ----a-w- c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-02 17:28 . 2009-12-08 19:15 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 17:27 . 2009-12-08 19:15 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-28 17:28 . 2009-12-08 19:15 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-28 17:28 . 2009-12-08 19:15 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2004-09-10 20:40 . 2004-09-10 20:40 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40 . 2004-09-10 20:40 5970 ----a-w- c:\program files\eula.txt
2003-08-27 21:19 . 2004-08-16 03:16 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2000-12-12 19:17 . 2000-12-14 02:22 100432 ----a-w- c:\program files\Win2000PPAHotfix.exe
2002-08-01 02:55 . 2008-04-01 04:16 106 --sha-w- c:\windows\WSYS049.SYS
2006-02-01 04:20 . 2006-02-01 04:09 56 --sha-r- c:\windows\system32\8D11BC3992.sys
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-02-28 02:25 . 2006-02-22 06:01 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 20:16 . 2005-02-28 20:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2006-01-30 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
backup=c:\windows\pss\Macro Express 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ronc^Start Menu^Programs^Startup^Update Notifier.lnk]
path=c:\documents and settings\ronc\Start Menu\Programs\Startup\Update Notifier.lnk
backup=c:\windows\pss\Update Notifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Uninstaller PRO Installation Monitor]
2008-09-03 16:48 920976 ----a-w- c:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 03:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-09-27 07:32 83312 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2010-01-28 17:28 1800464 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 19:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-11 09:50 20992 ----a-w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2005-09-19 01:40 1421824 ----a-w- c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-25 17:55 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCProxy"=3 (0x3)
"N360"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"UPS"=3 (0x3)
"UPHClean"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SeaPort"=3 (0x3)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Nla"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"Netman"=2 (0x2)
"Netlogon"=2 (0x2)
"MSIServer"=2 (0x2)
"Messenger"=2 (0x2)
"LmHosts"=2 (0x2)
"LanmanWorkstation"=2 (0x2)
"LanmanServer"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gupdate1caba70678a18cc"=2 (0x2)
"getPlusHelper"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EventSystem"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=2 (0x2)
"cmdAgent"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"CachemanXPService"=3 (0x3)
"Browser"=2 (0x2)
"BootlogService"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AppMgmt"=2 (0x2)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=c:\program files\Iomega\Common\ImgStart.exe
"Realtime Audio Engine"=mmrtkrnl.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe"=
"c:\\Program Files\\Microsoft ASP.NET Web Matrix\\v0.6.812\\WebServer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\RssBandit\\RSSBandit.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"\\\\STREAMER\\STREAMER (F)\\GoodPrograms\\Exeem\\eXeem BETA 0.25\\client.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6889:TCP"= 6889:TCP:6889
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP

R0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [12/20/2001 11:49 AM 70528]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [1/9/2003 11:27 AM 11264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2010 7:57 PM 162640]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/8/2009 12:15 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/8/2009 12:15 PM 25160]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1/19/2003 2:26 PM 13294]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2010 7:57 PM 19024]
R2 PEG;PEG;c:\windows\system32\drivers\PEG.sys [9/10/2009 6:10 AM 8064]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2/16/2009 8:24 PM 33792]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [12/30/2002 11:53 AM 18840]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S2 nvtvSND;AOpen NVIDIA WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [12/31/2002 9:57 AM 14048]
S3 cpuz128;cpuz128;\??\c:\docume~1\ronc\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ronc\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [6/4/2006 5:28 PM 50432]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2/16/2004 3:19 PM 571776]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\ProtoWall.sys [2/24/2010 11:18 AM 22912]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S4 BootlogService;BootlogService;c:\program files\Greatis\BootLog XP\BootLogService.exe [1/6/2010 5:41 PM 65248]
S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [1/5/2010 8:56 PM 355840]
S4 gearsec;gearsec;c:\windows\system32\gearsec.exe [12/1/2003 3:27 PM 53248]
S4 gupdate1caba70678a18cc;Google Update Service (gupdate1caba70678a18cc);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 6:25 PM 133104]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/1/2010 8:15 PM 600944]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/1/2010 8:15 PM 600944]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [11/30/2008 4:16 PM 598856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 17:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-09 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 22:41]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 01:25]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 01:25]

2010-04-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-04-10 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-03-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{B8215452-FB01-444F-B86F-2AFAA437DB8D}.job
- c:\windows\system32\msfeedssync.exe [2008-09-07 02:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
FF - ProfilePath - c:\documents and settings\ronc\Application Data\Mozilla\Firefox\Profiles\ws8cj3g3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15554&locale=en_US&q=
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys Fasttrak.sys >>UNKNOWN [0x847288C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf762df28
\Driver\ACPI -> ACPI.sys @ 0xf7580cb8
\Driver\atapi -> atapi.sys @ 0xf74fc852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9a,ac,d9,89,84,ec,51,9d,50,f3,8c,0a,35,fe,0f,b3,6a,46,54,50,a1,
84,a6,7a,06,dc,35,67,f2,7c,60,e7,5a,45,f1,ea,db,bf,0a,63,44,fe,ad,06,a2,62,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(488)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpowerAMP\dBShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2010-04-10 16:00:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 23:00
ComboFix2.txt 2010-04-10 19:57
ComboFix3.txt 2010-04-09 05:33

Pre-Run: 9,055,707,136 bytes free
Post-Run: 8,761,556,992 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - E2DE24555EAB3BAE388BEDF6AED64AF7

Edited by Ron Cooper, 11 April 2010 - 12:56 PM.


#14 extremeboy

  • Malware Response Team

Posted 11 April 2010 - 01:05 PM

Try uninstalling your security program, Comodo (as that causes some problems). Once you uninstall it, try GMER once more. If it still doesn't work, let me know.
Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#15 Ron Cooper

  • Topic Starter

Posted 11 April 2010 - 09:02 PM

Here is the Gmer story.

I had to run it in Minimum setup mode with msconfig.
It took about 1.5 hrs to run.

It popped up with:

Gmer has found system modification caused by Rootkit Activity.

I don't know if it did something about it.

The report ran to completion, "but"
I could not save it at all. I think the rootkit was very smart.

I saw some parts of the report on certain software and I deleted them from the system.

At this time the rootkit is winning.

Can we look for the rootkit next, so I can give you a real report?

I have a program called bootlog and I ran it and attached it for you.

Whoops, I am out of space on your server. I will see if I can fix it.

Could not delete any attachments.
I ran ComboFix again. It popped up and said it found a rootkit and rebooted.


ComboFix 10-04-11.01 - ronc 04/11/2010 22:17:44.4.1 - x86
Running from: c:\documents and settings\ronc\My Documents\My Completed Downloads\Bleeping Computer Programs\ComboFix\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 03:52 . 2010-04-12 03:52 -------- dc-h--w- c:\windows\ie8
2010-04-12 02:59 . 2010-04-12 02:59 -------- d-----w- C:\found.000
2010-04-07 04:52 . 2010-04-07 04:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-06 23:59 . 2010-04-06 23:59 -------- d-----w- c:\documents and settings\ronc\Application Data\ComodoGroup
2010-04-02 03:15 . 2009-05-29 22:40 940896 ----a-w- c:\windows\system32\Incinerator.dll
2010-04-02 03:15 . 2009-02-17 18:31 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-04-02 03:15 . 2009-02-17 18:26 8192 ----a-w- c:\windows\system32\smrgdf.exe
2010-04-02 03:15 . 2010-04-02 03:15 -------- d-----w- c:\program files\iolo
2010-03-31 00:39 . 2010-03-31 00:39 7172984 ----a-w- c:\program files\pcmedkit_setup.exe
2010-03-30 23:44 . 2007-11-29 14:38 40056 ----a-w- c:\windows\system32\NicInst.dll
2010-03-30 23:44 . 2007-12-15 04:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2010-03-30 23:44 . 2007-08-07 15:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2010-03-30 23:24 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
2010-03-30 16:45 . 2010-03-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-30 16:43 . 2010-03-30 16:43 -------- d-----w- c:\program files\Nsasoft
2010-03-30 05:22 . 2010-03-30 05:22 -------- d-----w- c:\program files\Product Key Finder Pro
2010-03-27 18:46 . 2010-03-31 06:02 -------- d-----w- c:\program files\ACW
2010-03-27 00:16 . 2010-03-27 00:16 7668 ----a-w- c:\windows\system32\drivers\RKREVEAL150.SYS
2010-03-26 23:31 . 2010-03-26 23:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-26 06:01 . 2010-03-26 06:01 -------- d-----w- C:\spoolerlogs
2010-03-26 05:34 . 2010-03-27 04:30 -------- d-----w- c:\program files\Common Files\iTunesDetector
2010-03-26 05:15 . 2010-03-26 17:08 -------- d-----w- c:\program files\Reimage
2010-03-25 06:10 . 2010-03-25 06:10 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-24 02:57 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-24 02:57 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-24 02:57 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-24 02:57 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-24 02:57 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-24 02:57 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-24 02:57 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-24 02:56 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-24 02:56 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-24 02:28 . 2006-01-30 02:19 438272 ----a-w- c:\documents and settings\ronc\Application Data\U3\0B008B6170D269E8\F341CFFF-7836-4016-A7D6-E203E64100C7\Exec\U3LolaHostConfig.exe
2010-03-24 02:28 . 2006-01-24 22:16 3368413 ----a-w- c:\documents and settings\ronc\Application Data\U3\0B008B6170D269E8\F341CFFF-7836-4016-A7D6-E203E64100C7\Exec\u3_demo.exe
2010-03-23 02:42 . 2010-03-23 02:42 -------- d-----w- c:\program files\ESET
2010-03-21 22:18 . 2000-10-30 00:34 150016 ----a-w- c:\windows\system32\Unzip32.dll
2010-03-18 00:41 . 2010-03-31 21:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-17 18:44 . 2008-11-06 09:03 -------- d-----w- C:\SDFix
2010-03-17 03:45 . 2008-09-08 00:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-03-17 03:45 . 2010-03-17 03:45 -------- d-----w- c:\program files\ScanSpyware
2010-03-17 00:21 . 2010-03-23 21:39 -------- d-----w- c:\program files\ScanSpyware v3.8.0.2
2010-03-16 23:21 . 2010-03-17 03:50 -------- d-----w- c:\documents and settings\ronc\Application Data\ScanSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 05:14 . 2009-05-08 21:52 117760 ----a-w- c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-12 04:11 . 2005-10-10 04:51 -------- d-----w- c:\program files\PeerGuardian2
2010-04-11 23:41 . 2004-02-13 02:46 -------- d-----w- c:\program files\Macromedia
2010-04-11 23:36 . 2002-12-31 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 20:45 . 2009-05-29 16:19 -------- d-----w- c:\program files\COMODO
2010-04-09 22:36 . 2007-10-06 00:06 -------- d-----w- c:\documents and settings\ronc\Application Data\uTorrent
2010-04-07 04:52 . 2008-09-08 02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 21:17 . 2010-04-07 04:21 8530 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2010-04-02 03:15 . 2009-03-20 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-03-30 23:54 . 2008-04-04 23:03 -------- d-----w- c:\documents and settings\ronc\Application Data\Uniblue
2010-03-30 23:54 . 2007-08-12 21:55 -------- d-----w- c:\program files\Uniblue
2010-03-30 23:27 . 2010-03-30 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-30 23:26 . 2010-03-30 23:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-03-30 23:23 . 2005-06-22 05:02 -------- d-----w- c:\documents and settings\ronc\Application Data\vlc
2010-03-26 23:20 . 2006-11-16 05:07 -------- d-----w- c:\program files\DAP
2010-03-26 23:19 . 2008-09-07 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-26 23:04 . 2007-04-01 21:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-25 00:05 . 2009-06-01 04:43 -------- d-----w- c:\documents and settings\ronc\Application Data\cspa
2010-03-24 02:28 . 2006-12-28 00:07 -------- d-----w- c:\documents and settings\ronc\Application Data\U3
2010-03-23 21:30 . 2010-01-27 01:25 -------- d-----w- c:\program files\Mp3Doctor
2010-03-21 22:18 . 2005-09-08 04:37 -------- d-----w- c:\program files\Bluetack
2010-03-17 22:56 . 2003-07-31 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 04:17 . 2002-12-31 16:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 04:11 . 2010-01-10 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Rapidshare Search Tool
2010-03-11 12:38 . 2010-03-11 12:38 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-09 04:29 . 2009-04-06 01:24 -------- d-----w- c:\program files\RegCure
2010-03-09 04:28 . 2010-03-09 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-08 17:13 . 2007-10-06 00:06 -------- d-----w- c:\program files\uTorrent
2010-03-03 20:53 . 2009-11-30 03:52 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-03-03 01:27 . 2005-04-18 04:35 -------- d-----w- c:\program files\DivX
2010-03-03 01:26 . 2009-04-21 00:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-03 01:26 . 2005-02-03 03:50 -------- d-----w- c:\program files\Google
2010-03-02 06:08 . 2009-07-01 03:09 -------- d-----w- c:\documents and settings\ronc\Application Data\iZotope
2010-03-02 05:58 . 2010-03-02 05:58 -------- d-----w- c:\program files\Common Files\VST3
2010-03-02 05:58 . 2007-10-19 03:33 -------- d-----w- c:\program files\iZotope
2010-03-01 04:25 . 2010-03-01 04:25 -------- d-----w- c:\program files\Microsoft Windows Script
2010-02-25 06:24 . 2006-11-16 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 19:07 . 2010-02-24 04:26 -------- d-----w- c:\program files\Windows Live
2010-02-24 04:30 . 2010-02-24 04:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-24 04:29 . 2010-02-17 04:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-24 04:27 . 2010-02-24 04:27 -------- d-----w- c:\program files\Microsoft
2010-02-24 04:27 . 2010-02-24 04:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-24 04:21 . 2010-02-24 04:21 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-21 23:16 . 2010-01-07 05:34 -------- d-----w- c:\program files\J River
2010-02-21 23:13 . 2010-02-21 23:13 -------- d-----w- c:\documents and settings\ronc\Application Data\J River
2010-02-20 01:39 . 2009-01-02 06:27 -------- d-----w- c:\documents and settings\ronc\Application Data\foobar2000
2010-02-18 03:54 . 2004-05-18 04:20 163568 ----a-w- c:\documents and settings\ronc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 17:04 . 2007-12-10 05:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 04:39 . 2004-12-08 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-17 04:27 . 2010-02-17 04:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-17 04:18 . 2010-02-17 04:18 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-06 20:28 . 2009-12-30 20:51 52224 ----a-w- c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2004-09-10 20:40 . 2004-09-10 20:40 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40 . 2004-09-10 20:40 5970 ----a-w- c:\program files\eula.txt
2003-08-27 21:19 . 2004-08-16 03:16 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2000-12-12 19:17 . 2000-12-14 02:22 100432 ----a-w- c:\program files\Win2000PPAHotfix.exe
2002-08-01 02:55 . 2008-04-01 04:16 106 --sha-w- c:\windows\WSYS049.SYS
2006-02-01 04:20 . 2006-02-01 04:09 56 --sha-r- c:\windows\system32\8D11BC3992.sys
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-02-28 02:25 . 2006-02-22 06:01 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 20:16 . 2005-02-28 20:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-09_05.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-25 04:13 . 2009-08-07 02:24 53472 c:\windows\system32\wuauclt.exe
+ 2008-09-07 06:15 . 2009-03-08 11:31 46592 c:\windows\system32\pngfilt.dll
- 2008-09-07 06:15 . 2007-08-14 02:01 48128 c:\windows\system32\mshtmler.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 48128 c:\windows\system32\mshtmler.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
- 2008-09-07 06:15 . 2007-08-14 02:32 45568 c:\windows\system32\mshta.exe
+ 2008-09-07 06:15 . 2009-03-08 11:31 45568 c:\windows\system32\mshta.exe
+ 2008-09-07 06:15 . 2009-03-08 11:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-10-27 23:09 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-09-07 06:15 . 2009-03-08 11:34 43008 c:\windows\system32\licmgr10.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 94720 c:\windows\system32\inseng.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 34816 c:\windows\system32\imgutil.dll
+ 2006-10-27 10:44 . 2009-03-08 11:32 36864 c:\windows\system32\ieudinit.exe
+ 2008-09-07 06:15 . 2009-03-08 11:32 71680 c:\windows\system32\iesetup.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 55808 c:\windows\system32\iernonce.dll
+ 2006-10-17 20:58 . 2009-03-08 11:31 59904 c:\windows\system32\icardie.dll
+ 2009-06-10 19:45 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-10 19:45 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-02-25 04:13 . 2009-08-07 02:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-09-07 06:15 . 2009-03-08 11:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2008-09-07 06:15 . 2007-08-14 02:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-09-07 06:15 . 2007-08-14 02:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-09-07 06:15 . 2009-03-08 11:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-09-07 06:06 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-07 06:15 . 2009-03-08 11:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2008-09-07 06:06 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-09-07 06:06 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-09-07 06:15 . 2009-03-08 11:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2010-03-11 12:38 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-05-07 03:07 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-05-07 03:08 . 2010-02-16 04:50 64000 c:\windows\system32\dllcache\iecompat.dll
+ 2008-09-07 06:06 . 2009-03-08 11:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2008-09-06 23:10 . 2009-03-08 11:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2010-02-25 04:13 . 2009-08-07 02:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 18944 c:\windows\system32\corpol.dll
+ 2010-02-25 04:13 . 2009-08-07 02:24 96480 c:\windows\system32\cdm.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 72704 c:\windows\system32\admparse.dll
- 2010-02-10 01:28 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\update\spcustom.dll
- 2010-02-10 01:28 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\spmsg.dll
+ 2010-04-12 03:53 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-12 03:53 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-12 03:53 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2010-04-12 03:52 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 44544 c:\windows\ie8\pngfilt.dll
+ 2010-04-12 03:52 . 2007-08-14 02:01 48128 c:\windows\ie8\mshtmler.dll
+ 2010-04-12 03:52 . 2007-08-14 02:32 45568 c:\windows\ie8\mshta.exe
+ 2010-04-12 03:52 . 2007-08-14 02:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-04-12 03:52 . 2009-02-20 18:09 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-04-12 03:52 . 2007-08-14 02:44 40960 c:\windows\ie8\licmgr10.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 27648 c:\windows\ie8\jsproxy.dll
+ 2010-04-12 03:52 . 2007-08-14 02:39 92672 c:\windows\ie8\inseng.dll
+ 2010-04-12 03:52 . 2007-08-14 02:36 36352 c:\windows\ie8\imgutil.dll
+ 2010-04-12 03:52 . 2007-08-14 02:39 55296 c:\windows\ie8\iesetup.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 44544 c:\windows\ie8\iernonce.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 78336 c:\windows\ie8\ieencode.dll
+ 2010-04-12 03:52 . 2009-02-20 10:20 70656 c:\windows\ie8\ie4uinit.exe
+ 2010-04-12 03:52 . 2009-02-20 18:09 63488 c:\windows\ie8\icardie.dll
+ 2010-04-12 03:52 . 2007-08-14 01:18 60416 c:\windows\ie8\hmmapi.dll
+ 2010-04-12 03:52 . 2007-08-14 01:42 17408 c:\windows\ie8\corpol.dll
+ 2010-04-12 03:52 . 2007-08-14 02:39 71680 c:\windows\ie8\admparse.dll
+ 2010-04-12 03:54 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
+ 2010-04-12 03:53 . 2009-03-08 11:35 2048 c:\windows\ie8updates\KB980302-IE8\iecompat.dll
+ 2006-11-16 04:54 . 2009-01-08 01:21 121856 c:\windows\system32\xmllite.dll
- 2006-11-16 04:54 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
+ 2010-02-25 04:13 . 2009-08-07 02:23 209624 c:\windows\system32\wuweb.dll
+ 2010-02-25 04:13 . 2009-08-07 02:24 327896 c:\windows\system32\wucltui.dll
+ 2008-09-07 06:15 . 2009-03-08 11:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-11-16 04:56 . 2009-03-08 11:34 236544 c:\windows\system32\webcheck.dll
+ 2006-11-16 04:56 . 2009-03-08 11:33 420352 c:\windows\system32\vbscript.dll
- 2006-11-16 04:56 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2006-11-16 04:56 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2008-09-07 06:15 . 2009-03-08 11:34 193536 c:\windows\system32\msrating.dll
+ 2008-09-07 06:15 . 2009-03-08 11:22 156160 c:\windows\system32\msls31.dll
- 2008-09-07 06:15 . 2007-08-14 02:54 156160 c:\windows\system32\msls31.dll
+ 2006-10-27 23:09 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
+ 2008-09-07 06:15 . 2009-03-08 11:22 164352 c:\windows\system32\ieui.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 20:27 . 2009-03-08 11:11 445952 c:\windows\system32\ieapfltr.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 163840 c:\windows\system32\ieakui.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 229376 c:\windows\system32\ieaksie.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 125952 c:\windows\system32\ieakeng.dll
+ 2008-09-07 06:15 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
- 2004-12-17 22:13 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-12-17 22:13 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 216064 c:\windows\system32\dxtrans.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 348160 c:\windows\system32\dxtmsft.dll
+ 2010-02-25 04:13 . 2009-08-07 02:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2010-02-25 04:13 . 2009-08-07 02:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-11-16 04:56 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-16 04:56 . 2009-03-08 11:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-06 23:09 . 2009-03-08 11:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2006-11-16 04:56 . 2009-03-08 11:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2006-11-16 04:56 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2006-11-16 04:56 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-09-07 06:15 . 2009-03-08 11:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2008-09-07 06:15 . 2009-03-08 11:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2008-09-07 06:15 . 2007-08-14 02:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-09-07 06:06 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-09-06 23:10 . 2009-03-08 21:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-10 19:45 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-07 06:06 . 2009-03-08 11:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-09-07 06:15 . 2009-03-08 11:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-09-07 06:15 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-12-17 22:13 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-12-17 22:13 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-09-07 06:15 . 2009-03-08 11:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2008-09-07 06:15 . 2009-03-08 11:32 128512 c:\windows\system32\advpack.dll
- 2010-02-10 01:28 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\update\updspapi.dll
- 2010-02-10 01:28 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\update\update.exe
- 2010-02-10 01:28 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\ab0676fe50d78a2ee35a6cca883a9b02\spuninst.exe
+ 2010-04-12 03:53 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980302-IE8\spuninst\updspapi.dll
+ 2010-04-12 03:53 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980302-IE8\spuninst\spuninst.exe
+ 2010-04-12 03:53 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-12 03:53 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-12 03:53 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-12 03:53 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-12 03:53 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-12 03:53 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-12 03:53 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-12 03:53 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-12 03:53 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-12 03:53 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-04-12 03:52 . 2009-03-03 00:18 826368 c:\windows\ie8\wininet.dll
+ 2010-04-12 03:52 . 2007-08-14 02:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-04-12 03:52 . 2009-02-20 18:09 233472 c:\windows\ie8\webcheck.dll
+ 2010-04-12 03:52 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2010-04-12 03:52 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 105984 c:\windows\ie8\url.dll
+ 2010-04-12 03:52 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-04-12 03:52 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-04-12 03:52 . 2006-09-07 00:43 213216 c:\windows\ie8\spuninst.exe
+ 2010-04-12 03:52 . 2009-02-20 18:09 102912 c:\windows\ie8\occache.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 671232 c:\windows\ie8\mstime.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 193024 c:\windows\ie8\msrating.dll
+ 2010-04-12 03:52 . 2007-08-14 02:54 156160 c:\windows\ie8\msls31.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 477696 c:\windows\ie8\mshtmled.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 459264 c:\windows\ie8\msfeeds.dll
+ 2010-04-12 03:52 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-04-12 03:52 . 2009-02-28 04:54 636072 c:\windows\ie8\iexplore.exe
+ 2010-04-12 03:52 . 2007-08-14 02:54 180736 c:\windows\ie8\ieui.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 268288 c:\windows\ie8\iertutil.dll
+ 2010-04-12 03:52 . 2007-08-14 01:54 287744 c:\windows\ie8\ieproxy.dll
+ 2010-04-12 03:52 . 2007-08-14 02:54 191488 c:\windows\ie8\iepeers.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 385024 c:\windows\ie8\iedkcs32.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-04-12 03:52 . 2009-02-20 05:14 161792 c:\windows\ie8\ieakui.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 230400 c:\windows\ie8\ieaksie.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 153088 c:\windows\ie8\ieakeng.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 214528 c:\windows\ie8\dxtrans.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 124928 c:\windows\ie8\advpack.dll
+ 2010-04-12 03:54 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
+ 2010-04-12 03:54 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
+ 2010-04-12 03:54 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
+ 2010-02-25 04:13 . 2009-08-07 02:23 1929952 c:\windows\system32\wuaueng.dll
+ 2006-11-16 04:56 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2006-10-17 20:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 08:01 . 2009-02-07 04:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2010-02-25 04:13 . 2009-08-07 02:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2006-11-16 04:56 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-09-07 06:15 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-07 06:06 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-09-07 06:06 . 2009-02-07 04:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2010-02-02 16:30 . 2010-02-02 16:30 5527040 c:\windows\Installer\4598e.msp
+ 2009-10-28 04:34 . 2009-10-28 04:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2010-04-12 03:53 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-12 03:53 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-12 03:53 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 1160192 c:\windows\ie8\urlmon.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 3595264 c:\windows\ie8\mshtml.dll
+ 2010-04-12 03:52 . 2009-02-20 18:09 6066176 c:\windows\ie8\ieframe.dll
+ 2010-04-12 03:52 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2006-10-27 23:09 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe.dll
+ 2008-09-07 06:06 . 2010-02-25 18:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-12 03:53 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2006-01-30 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]
backup=c:\windows\pss\Macro Express 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ronc^Start Menu^Programs^Startup^Update Notifier.lnk]
path=c:\documents and settings\ronc\Start Menu\Programs\Startup\Update Notifier.lnk
backup=c:\windows\pss\Update Notifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Uninstaller PRO Installation Monitor]
2008-09-03 16:48 920976 ----a-w- c:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 03:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-09-27 07:32 83312 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 19:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-11 09:50 20992 ----a-w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2005-09-19 01:40 1421824 ----a-w- c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-25 17:55 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCProxy"=3 (0x3)
"N360"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"cmdAgent"=2 (0x2)
"SeaPort"=3 (0x3)
"NetTcpPortSharing"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"CachemanXPService"=3 (0x3)
"BootlogService"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"UPS"=3 (0x3)
"UPHClean"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Nla"=2 (0x2)
"Netman"=2 (0x2)
"Netlogon"=2 (0x2)
"MSIServer"=2 (0x2)
"Messenger"=2 (0x2)
"LmHosts"=2 (0x2)
"LanmanWorkstation"=2 (0x2)
"LanmanServer"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gupdate1caba70678a18cc"=2 (0x2)
"getPlusHelper"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EventSystem"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AppMgmt"=2 (0x2)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=c:\program files\Iomega\Common\ImgStart.exe
"Realtime Audio Engine"=mmrtkrnl.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe"=
"c:\\Program Files\\Microsoft ASP.NET Web Matrix\\v0.6.812\\WebServer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\RssBandit\\RSSBandit.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"\\\\STREAMER\\STREAMER (F)\\GoodPrograms\\Exeem\\eXeem BETA 0.25\\client.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6889:TCP"= 6889:TCP:6889
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP

R0 CFRMD;CFRMD;c:\windows\System32\drivers\CFRMD.sys [x]
R2 nvtvSND;AOpen NVIDIA WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys [2002-06-27 14048]
R3 cpuz128;cpuz128;c:\docume~1\ronc\LOCALS~1\Temp\cpuz_x32.sys [x]
R3 hcdriver;EHCI;c:\windows\system32\Drivers\hcdriver.sys [2006-02-03 50432]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2004-02-16 571776]
R3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys [2004-08-12 22912]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
R4 BootlogService;BootlogService;c:\program files\Greatis\BootLog XP\BootLogService.exe [2009-12-04 65248]
R4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2009-01-11 355840]
R4 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-01 53248]
R4 gupdate1caba70678a18cc;Google Update Service (gupdate1caba70678a18cc);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 133104]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2001-11-22 70528]
S1 Asapi;Asapi; [x]
S1 aswSP;aswSP; [x]
S1 kbfilter;Keyboard Filter Driver; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 PEG;PEG;c:\windows\system32\drivers\peg.sys [2009-09-10 8064]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2007-12-11 33792]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2007-06-25 18840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 17:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 22:41]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 01:25]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 01:25]

2010-04-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-04-12 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-03-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-03-09 02:58]

2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{B8215452-FB01-444F-B86F-2AFAA437DB8D}.job
- c:\windows\system32\msfeedssync.exe [2008-09-07 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u0y4282u.default\
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys Fasttrak.sys >>UNKNOWN [0x8435F8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7718f28
\Driver\ACPI -> ACPI.sys @ 0xf766bcb8
\Driver\atapi -> atapi.sys @ 0xf75e7852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf74b0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf74bda21
SendHandler -> NDIS.sys @ 0xf749b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9a,ac,d9,89,84,ec,51,9d,50,f3,8c,0a,35,fe,0f,b3,6a,46,54,50,a1,
84,a6,7a,06,dc,35,67,f2,7c,60,e7,5a,45,f1,ea,db,bf,0a,63,44,fe,ad,06,a2,62,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\ronc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-11 22:33:23
ComboFix-quarantined-files.txt 2010-04-12 05:33
ComboFix2.txt 2010-04-10 19:57
ComboFix3.txt 2010-04-09 05:33

Pre-Run: 9,235,288,064 bytes free
Post-Run: 9,185,107,968 bytes free

- - End Of File - - 8B11F6F9212700825A8F7AAF4D22006A



Edited by Ron Cooper, 12 April 2010 - 11:28 AM.




