Bamital.DX Trojan


  • This topic is locked
29 replies to this topic

#1 Jasetronaut

Posted 03 October 2010 - 06:11 AM

Hi,

NOD32 is picking up these two things, and I've had trouble removing them. Is anyone able to help me with removing this trojan?

Object:
C:\WINDOWS\system32\winlogon.exe
Threat:
win32/Bamital.DX trojan

Object:
C:\WINDOWS\system32\explorer.exe
Threat:
win32/Bamital.DX trojan





#2 gringo_pr

  • Malware Response Team

Posted 09 October 2010 - 12:36 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 Jasetronaut


Posted 09 October 2010 - 02:44 AM


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/09/2008 1:37:41 PM
System Uptime: 10/06/2010 5:17:25 PM (2904 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS3P
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 431.067 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial

==== System Restore Points ===================

RP1: 2/10/2010 11:31:22 PM - System Checkpoint
RP2: 4/10/2010 2:48:32 AM - System Checkpoint
RP3: 5/10/2010 3:02:23 AM - System Checkpoint
RP4: 5/10/2010 6:33:57 PM - Software Distribution Service 3.0
RP5: 6/10/2010 5:33:04 PM - Software Distribution Service 3.0
RP6: 7/10/2010 5:36:17 PM - System Checkpoint
RP7: 8/10/2010 5:38:02 PM - System Checkpoint
RP8: 9/10/2010 1:51:45 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Aspell English Dictionary-0.50-2
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Display Driver
µTorrent
AutoUpdate
AviSynth 2.5
Bonjour
Canon Easy-WebPrint EX
Canon iP4500 series
Canon MP Navigator EX 1.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CanoScan 8800F
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
CCleaner
CD-LabelPrint
ComicRack v0.9.128
Common-Use Signing Interface
Compatibility Pack for the 2007 Office system
Connect
Corel Painter X
Critical Update for Windows Media Player 11 (KB959772)
D-Link DSLs
Diagnostic Utility
DivX Converter
DivX Player
DivX Web Player
DriverAgent by eSupport.com
e-tax 2009
e-tax 2010
ECI Client v5.2
Energy Saver Advance B8.0520.1
ESET NOD32 Antivirus
Facebook Plug-In
FlashGet 1.9.6.1073
Game Booster
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
Guild Wars
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iPodRobot iPod Video Converter 5.0.0
iTunes
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 4
Java™ 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 5.8.3 (Standard)
kuler
LightScribe 1.4.89.1
Liveupdate4
Logitech Desktop Messenger
Logitech Print Service
Logitech Registration
Logitech SetPoint 6.1
Magic DVD Ripper V5.5.0
MagicTune Premium
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MSI Afterburner 1.5.0
MSI Kombustor v1.0.0
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Natural Color Pro
nFLVPlayer
OGA Notifier 2.0.0048.0
Online Armor 4.0
Pando Media Booster
PDF Settings CS4
Pen Tablet
Photoshop Camera Raw
Picasa 3
Pidgin
Pixel Bender Toolkit
QuickTime
Rainlendar2 (remove only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skins
Skype™ 4.2
Smart Defrag
Sony Ericsson PC Suite 6.011.00
Sophos Anti-Rootkit 1.5.4
Star Wars: Knights of the Old Republic
Steam
Suite Shared Configuration CS4
The Elder Scrolls IV: Oblivion
Torchlight
Tropico 3 - Steam Special Edition
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB943729)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire - The Masquerade Bloodlines
VideoLAN VLC media player 0.8.6h
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Winamp Detector Plug-in
Winamp Remote
Windows Defender
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
WinRAR archiver
World of Warcraft
Xvid 1.1.3 final uninstall
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

6/10/2010 10:29:15 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
2/10/2010 12:37:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT OADevice OAmon OAnet PenClass RasAcd Rdbss Tcpip
2/10/2010 12:33:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/10/2010 11:47:33 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
2/10/2010 11:34:10 PM, error: Service Control Manager [7034] - The Sony Ericsson OMSI download service service terminated unexpectedly. It has done this 1 time(s).
2/10/2010 10:38:20 PM, error: SRService [104] - The System Restore initialization process failed.
2/10/2010 10:38:20 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
2/10/2010 10:24:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT OADevice OAmon OAnet PenClass RasAcd Rdbss Tcpip
2/10/2010 10:14:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd PenClass
2/10/2010 10:13:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/10/2010 10:11:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/10/2010 10:05:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT OADevice OAmon OAnet PenClass RasAcd Rdbss Tcpip
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2010 10:05:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/10/2010 10:03:01 PM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


DDS (Ver_10-10-05.01) - NTFSx86
Run by Jay at 17:30:32.23 on Sat 09/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1352 [GMT 10:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Rainlendar2] "c:\program files\rainlendar2\Rainlendar2.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254574203234
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tall emu\online armor\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\so3wpbc8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\jay\application data\mozilla\firefox\profiles\so3wpbc8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\jay\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jay\application data\mozilla\firefox\profiles\so3wpbc8.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-6 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-6 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-6 29560]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-9-2 80392]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-14 10448]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-6 1284600]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-14 90112]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-6-14 22016]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-6 3360760]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-10-22 3032360]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-9-10 15144]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c4a75eebe8f8;Google Update Service (gupdate1c9c4a75eebe8f8);c:\program files\google\update\GoogleUpdate.exe [2009-4-24 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-14 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-6-14 23456]
S3 esihdrv;esihdrv;\??\c:\docume~1\jay\locals~1\temp\esihdrv.sys --> c:\docume~1\jay\locals~1\temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2010-6-14 9216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\198.tmp --> c:\windows\system32\198.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-6-14 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-6-14 17536]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-6-14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-6-14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-6-14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-6-14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-6-14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-6-14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-6-14 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-10-09 07:29:15 0 ----a-w- c:\documents and settings\jay\defogger_reenable
2010-10-08 07:40:10 218 ----a-w- c:\documents and settings\jay\.recently-used.xbel
2010-10-02 13:33:08 -------- d-sha-r- C:\cmdcons
2010-10-02 13:31:23 98816 ----a-w- c:\windows\sed.exe
2010-10-02 13:31:23 77312 ----a-w- c:\windows\MBR.exe
2010-10-02 13:31:23 256512 ----a-w- c:\windows\PEV.exe
2010-10-02 13:31:23 161792 ----a-w- c:\windows\SWREG.exe
2010-10-02 13:30:44 -------- d-----w- C:\ComboFix
2010-10-02 12:43:45 -------- d-----w- c:\program files\Sophos
2010-10-02 12:30:19 -------- d-----w- c:\program files\ESET
2010-09-30 05:18:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\VOWSoft
2010-09-30 05:18:32 -------- d-----w- c:\program files\VOWSoft iPod Software
2010-09-26 10:43:13 -------- d-----w- c:\program files\Yahoo!
2010-09-26 10:43:06 -------- d-----w- c:\program files\CCleaner
2010-09-26 09:31:23 -------- d-----w- c:\docume~1\jay\applic~1\Malwarebytes
2010-09-26 09:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 09:31:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-26 09:31:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-26 09:31:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 04:55:52 -------- d-----w- c:\docume~1\jay\locals~1\applic~1\MagicSoftware
2010-09-12 04:55:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MagicSoftware
2010-09-12 04:55:47 -------- d-----w- c:\program files\MagicDVDRipper
2010-09-12 04:47:40 -------- d-----w- c:\docume~1\jay\applic~1\Ashampoo
2010-09-12 04:37:00 -------- d-----w- c:\docume~1\jay\locals~1\applic~1\ashampoo
2010-09-12 04:37:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2010-09-12 04:36:54 -------- d-----w- c:\program files\Ashampoo

==================== Find3M ====================

2010-10-06 07:20:11 16608 -c--a-w- c:\windows\gdrv.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 19:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-09 19:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-30 10:49:35 52736 ----a-w- c:\windows\ipuninst.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 17:33:10.21 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xAC17C000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6287360 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB9240000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4808704 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1FC000 C:\WINDOWS\System32\ati3duag.dll 3506176 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF554000 C:\WINDOWS\System32\ativvaxx.dll 2097152 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA8EE4000 C:\WINDOWS\system32\DRIVERS\eamon.sys 684032 bytes (ESET, Amon monitor)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 638976 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF0FC000 C:\WINDOWS\System32\atikvmag.dll 626688 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9E22000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xABAD9000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xABB54000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF195000 C:\WINDOWS\System32\atiok3x2.dll 421888 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB90E3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xABCC1000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8423000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xABBC4000 C:\WINDOWS\system32\drivers\OADriver.sys 303104 bytes (Tall Emu, OA Helper Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA860A000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xA7A5A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB91AB000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 217088 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9141000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8686000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x8AE89000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xABC0E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9204000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xABC73000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xABC9B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA88BB000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xACD5F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB91E0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9188000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xABC39000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xABD8C000 C:\WINDOWS\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xACD83000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9DDB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xABC5B000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 98304 bytes (ESET, ESET Antivirus Network Redirector)
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9171000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8A1F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB922C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xABD1A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9EAF000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA864D000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xABEB6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xACCA5000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xACD15000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA268000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xABEA6000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xABEE6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA178000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xACCC5000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xABEF6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA738C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xACCD5000 C:\WINDOWS\system32\drivers\OAnet.sys 36864 bytes (Tall Emu Pty Ltd, OA Helper Driver)
0xACCB5000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3E8000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xAC0D4000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xAC0CC000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xAC0FC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xAC0F4000 C:\WINDOWS\system32\drivers\OAmon.sys 32768 bytes (Tall Emu, TDI Helper Driver)
0xAC0EC000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAC0DC000 C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 32768 bytes (Wacom Technology, Wacom HID Mouse Monitor Filter Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xAC0E4000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA420000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys 24576 bytes (Realtek Semiconductor Corporation , Realtek NDIS Protocol Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3D0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xAC104000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAC0C4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA594000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xACC4D000 C:\WINDOWS\system32\drivers\MTictwl.sys 16384 bytes (Samsung Electronics, Inc. , MagicTunePremium Driver)
0xA8ED4000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA56C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA79E3000 C:\WINDOWS\gdrv.sys 12288 bytes (Windows ® 2000 DDK provider, GIGABYTE Tools)
0xAC164000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xACC49000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA64E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA64C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA650000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA652000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA614000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA608000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xBA60A000 C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7BC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7BF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA758000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xBA767000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [s116mgmt.sys]
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
0x05760000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 102400 bytes
0x06500000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 102400 bytes
0x07BA0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 102400 bytes
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [s116mdm.sys]
WARNING: Virus alike driver modification [NdisIP.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [s116cr.sys]
0x03050000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 110592 bytes
WARNING: Virus alike driver modification [SLIP.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wacommousefilter.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [WacomVKHid.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
0x00D30000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 118784 bytes
0x03B10000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 118784 bytes
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [tunmp.sys]
0x072F0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 1232896 bytes
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [s116cm.sys]
WARNING: Virus alike driver modification [s116cmnt.sys]
WARNING: Virus alike driver modification [s116wh.sys]
WARNING: Virus alike driver modification [s116whnt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltMgr.sys]
WARNING: Virus alike driver modification [MTiCtwl.sys]
WARNING: Virus alike driver modification [wacomvhid.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [s116mdfl.sys]
WARNING: Virus alike driver modification [wacmoumonitor.sys]
0x04D40000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 151552 bytes
WARNING: Virus alike driver modification [StreamIP.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
0x07A20000 Hidden Image-->CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 159744 bytes
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [CCDECODE.sys]
WARNING: Virus alike driver modification [kmixer.sys]
0x895A9F53 Unknown page with executable code, 173 bytes
0x06790000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 1748992 bytes
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
0x06230000 Hidden Image-->Branding.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 1896448 bytes
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [WSTCODEC.SYS]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [usbuhci.sys]
WARNING: Virus alike driver modification [ipinip.sys]
0x07A50000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 208896 bytes
WARNING: Virus alike driver modification [tsbvcap.sys]
0x06540000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 217088 bytes
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [s116nd5.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [USBSTOR.SYS]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [fdc.sys]
0x07B50000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 282624 bytes
0x03400000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 28672 bytes
0x00E40000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 28672 bytes
0x03040000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x03070000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x03BE0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x040D0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04340000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04220000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04360000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04480000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x044B0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04590000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x045A0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04D80000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04F30000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04E00000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x04F10000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x051E0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05230000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05270000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05260000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05280000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05330000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x052F0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05390000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x053B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x055E0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05600000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x056B0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x057C0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x057D0000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05930000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x05E50000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x06030000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
0x06040000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 28672 bytes
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [wdfldr.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
0x07890000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 364544 bytes
WARNING: Virus alike driver modification [crusoe.sys]
0x03A50000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 36864 bytes
0x03BC0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x03B60000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x03DC0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x040B0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x052C0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x053F0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x05420000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x055A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x057F0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
0x05FE0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 36864 bytes
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [isapnp.sys]
0x04CE0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 372736 bytes
0x06F40000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 372736 bytes
0x077C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 372736 bytes
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [nmnt.sys]
0x07820000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 405504 bytes
WARNING: Virus alike driver modification [ndproxy.sys]
0x05C60000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 413696 bytes
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
0x05DD0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 421888 bytes
0x07A90000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 421888 bytes
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
0x89635E44 Unknown page with executable code, 444 bytes
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
0x00DC0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 45056 bytes
0x010A0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 45056 bytes
0x03A40000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 45056 bytes
0x030B0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x03010000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x03030000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x03BF0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x05360000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x053A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x05590000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 45056 bytes
0x044D0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 454656 bytes
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [wdf01000.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [MSPQM.sys]
0x05940000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 503808 bytes
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [DMusic.sys]
0x052B0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x03B90000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x03BB0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x03DA0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x04080000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x04470000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x05240000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x053C0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x05410000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x05550000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x05910000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x059C0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
0x065C0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 53248 bytes
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [MSTEE.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [swmidi.sys]
0x059D0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 569344 bytes
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
0x07DE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 585728 bytes
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [USBAUDIO.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
0x05560000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 61440 bytes
0x055D0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 61440 bytes
WARNING: Virus alike driver modification [ohci1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
0x07BC0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 643072 bytes
0x08010000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 651264 bytes
0x060D0000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 659456 bytes
WARNING: Virus alike driver modification [udfs.sys]
0x8963DD66 Unknown page with executable code, 666 bytes
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [psched.sys]
0x03B70000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x03B40000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x051C0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x055B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x05670000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x056F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x057A0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 69632 bytes
0x07050000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 700416 bytes
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [MSKSSRV.sys]
0x07D20000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 757760 bytes
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [mcd.sys]
0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88FE8DA0 ] PID: 432, 77824 bytes
0x03080000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 77824 bytes
0x03D20000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8935CDA0 ] PID: 3616, 77824 bytes
0x05290000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 77824 bytes
0x05340000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 77824 bytes
0x056D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 77824 bytes
WARNING: Virus alike driver modification [LMouKE.Sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
0x07F40000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 831488 bytes
WARNING: Virus alike driver modification [s116bus.sys]
WARNING: Virus alike driver modification [NABTSFEC.sys]
0x05300000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 86016 bytes
0x05610000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 86016 bytes
0x06060000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8935CDA0 ] PID: 3616, 86016 bytes
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
WARNING: Virus alike driver modification [s116obex.sys]
WARNING: Virus alike driver modification [s116unic.sys]




#4 gringo_pr


Posted 09 October 2010 - 03:00 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Jasetronaut


Posted 09 October 2010 - 03:33 AM

ComboFix 10-10-08.01 - Jay 09/10/2010 18:12:30.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1443 [GMT 10:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe317.dll

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 07:19 . 2010-10-09 07:19 2157 ----a-w- c:\documents and settings\Jay\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-10-09 05:03 . 2010-10-09 05:03 2095 ----a-w- c:\documents and settings\Jay\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-10-02 12:43 . 2010-10-02 12:43 -------- d-----w- c:\program files\Sophos
2010-10-02 12:30 . 2010-10-02 12:30 -------- d-----w- c:\program files\ESET
2010-09-30 11:41 . 2010-09-30 11:41 2145 ----a-w- c:\documents and settings\Jay\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-09-30 05:18 . 2010-09-30 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\VOWSoft
2010-09-30 05:18 . 2010-09-30 05:18 -------- d-----w- c:\program files\VOWSoft iPod Software
2010-09-26 10:43 . 2010-09-26 10:43 -------- d-----w- c:\documents and settings\Jay\Application Data\Yahoo!
2010-09-26 10:43 . 2010-09-26 11:07 -------- d-----w- c:\program files\Yahoo!
2010-09-26 10:43 . 2010-09-26 10:43 -------- d-----w- c:\program files\CCleaner
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\documents and settings\Jay\Application Data\Malwarebytes
2010-09-26 09:31 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 09:31 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\938\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\938\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\938\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\938\AcrobatUpdater.exe
2010-09-20 01:21 . 2010-09-20 01:21 2165 ----a-w- c:\documents and settings\Jay\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-09-12 04:55 . 2010-09-12 04:55 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MagicSoftware
2010-09-12 04:55 . 2010-09-12 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MagicSoftware
2010-09-12 04:55 . 2010-09-12 04:55 -------- d-----w- c:\program files\MagicDVDRipper
2010-09-12 04:47 . 2010-09-12 04:47 -------- d-----w- c:\documents and settings\Jay\Application Data\Ashampoo
2010-09-12 04:37 . 2010-09-12 04:37 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\ashampoo
2010-09-12 04:37 . 2010-09-12 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-09-12 04:36 . 2010-09-12 04:36 -------- d-----w- c:\program files\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 07:30 . 2010-05-16 01:27 -------- d-----w- c:\documents and settings\Jay\Application Data\.purple
2010-10-07 06:11 . 2008-10-22 14:46 -------- d-----w- c:\documents and settings\Jay\Application Data\gtk-2.0
2010-10-06 23:06 . 2009-09-14 00:06 -------- d-----w- c:\program files\World of Warcraft
2010-10-06 11:22 . 2009-02-12 11:09 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-06 07:20 . 2008-09-02 03:48 16608 -c--a-w- c:\windows\gdrv.sys
2010-10-05 04:54 . 2009-12-23 11:37 -------- d-----w- c:\program files\Steam
2010-10-04 11:45 . 2010-06-10 03:04 -------- d-----w- c:\documents and settings\Jay\Application Data\Skype
2010-10-04 06:02 . 2008-09-02 08:00 -------- d-----w- c:\documents and settings\Jay\Application Data\skypePM
2010-10-03 10:44 . 2008-09-03 06:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-02 13:47 . 2008-10-22 06:17 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-10-02 12:30 . 2008-09-04 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-02 12:27 . 2008-10-23 00:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-10-02 12:12 . 2010-04-06 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-29 23:41 . 2008-10-21 13:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 02:19 . 2008-09-02 07:38 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-09-27 13:30 . 2008-10-23 10:12 -------- d-----w- c:\program files\FlashGet
2010-09-26 15:48 . 2008-09-03 03:43 -------- d-----w- c:\program files\Google
2010-09-26 11:07 . 2008-09-02 03:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-26 11:03 . 2010-08-08 05:52 -------- d-----w- c:\program files\Handbrake
2010-09-26 11:00 . 2010-09-03 03:05 -------- d-----w- c:\program files\City of Heroes
2010-09-26 10:58 . 2010-07-09 03:28 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-09-26 10:58 . 2010-07-09 03:27 -------- d-----w- c:\program files\ArcSoft
2010-09-26 10:29 . 2010-08-16 11:25 -------- d-----w- c:\documents and settings\Jay\Application Data\251194815B6086F231527487C167770E
2010-09-16 09:44 . 2008-09-02 12:21 -------- d-----w- c:\program files\Xvid
2010-09-16 09:44 . 2008-09-02 07:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-16 09:44 . 2010-07-02 01:52 -------- d-----w- c:\program files\ECIClientV5
2010-09-16 09:44 . 2010-04-21 13:00 -------- d-----w- c:\program files\Common-Use Signing Interface
2010-09-16 09:37 . 2008-09-02 04:15 -------- d-----w- c:\program files\MagicTune Premium
2010-09-16 09:37 . 2008-09-17 00:00 -------- d-----w- c:\program files\LimeWire
2010-09-16 09:37 . 2010-04-11 02:49 -------- d-----w- c:\program files\Winamp Remote
2010-09-16 09:37 . 2010-09-08 11:48 -------- d-----w- c:\program files\QuickTime
2010-09-16 09:37 . 2010-05-04 03:32 -------- d-----w- c:\program files\Microsoft Works
2010-09-16 09:37 . 2008-09-02 12:04 -------- d-----w- c:\program files\DivX
2010-09-08 21:56 . 2009-10-04 00:54 43956 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-08 11:52 . 2010-09-08 11:51 -------- d-----w- c:\program files\iTunes
2010-09-08 11:51 . 2010-09-08 11:51 -------- d-----w- c:\program files\iPod
2010-09-08 11:51 . 2008-09-02 05:42 -------- d-----w- c:\program files\Common Files\Apple
2010-09-08 11:44 . 2010-09-08 11:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-03 06:23 . 2008-09-02 05:10 -------- d-----w- c:\program files\Guild Wars
2010-08-31 05:59 . 2010-08-31 05:59 -------- d-----w- c:\program files\Common Files\Skype
2010-08-30 10:28 . 2010-08-30 10:28 -------- d-----w- c:\documents and settings\Jay\Application Data\HandBrake
2010-08-22 23:58 . 2010-07-26 04:30 -------- d-----w- c:\program files\Mozilla Sunbird
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 11:30 . 2008-09-02 04:04 50656 -c--a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-04 01:50 . 2010-08-04 01:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 03:28 . 2010-08-03 03:28 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-30 10:49 . 2010-07-30 10:49 52736 ----a-w- c:\windows\ipuninst.exe
2010-07-29 03:31 . 2010-07-29 03:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-28 10:15 . 2008-10-23 10:14 188152 -c--a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\FlashGot.exe
2010-07-22 15:49 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 22:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 2B0B8B1C3793ECE69056835B829392F6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . F1187D2E6A63E2FE1874525D1BBDFB05 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-02_13.36.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-08-01 07:49 . 2010-08-01 07:49 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2010-10-06 07:39 . 2010-10-06 07:39 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2010-10-06 07:20 . 2010-10-06 07:20 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
+ 2010-10-06 07:20 . 2010-10-06 07:20 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
+ 2008-04-14 12:00 . 2010-10-06 07:39 92678 c:\windows\system32\perfc009.dat
- 2010-03-22 19:31 . 2010-03-22 19:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-21 23:43 . 2010-09-21 23:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 05:55 . 2010-09-23 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 01:42 . 2010-04-01 01:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 04:51 . 2010-03-31 04:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-22 16:26 . 2010-09-22 16:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 04:51 . 2010-03-31 04:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-22 16:26 . 2010-09-22 16:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-22 16:26 . 2010-09-22 16:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 04:51 . 2010-03-31 04:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 05:32 . 2010-03-31 05:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-22 17:17 . 2010-09-22 17:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-22 17:17 . 2010-09-22 17:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 05:32 . 2010-03-31 05:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2010-10-06 07:39 . 2010-10-06 07:39 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2010-10-06 07:39 . 2010-10-06 07:39 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fa3239d6\System.Drawing.Design.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3f7eccd3\CustomMarshalers.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\e48a365b852cd9526f374a59ae05b14a\System.Xaml.Hosting.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\392550d6e95ad09fb9322d9455aec8db\System.Web.DynamicData.Design.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-09 17:08 . 2010-06-09 17:08 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-11 07:43 . 2010-08-11 07:43 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-14 12:00 . 2010-10-06 07:39 516708 c:\windows\system32\perfh009.dat
+ 2010-09-21 23:43 . 2010-09-21 23:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-22 19:31 . 2010-03-22 19:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-31 04:51 . 2010-03-31 04:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-22 16:26 . 2010-09-22 16:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 04:49 . 2010-03-31 04:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-22 16:25 . 2010-09-22 16:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 05:32 . 2010-03-31 05:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-22 17:17 . 2010-09-22 17:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-23 11:02 . 2010-09-23 11:02 798208 c:\windows\Installer\d8fd3.msp
+ 2010-10-06 07:34 . 2010-10-06 07:34 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7cac325f\System.Drawing.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2889e25d\System.Drawing.Design.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d5f6be9f\CustomMarshalers.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a92089db9cf7d6719e17901faccac62\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\c97c50687367c59e2a079256db3f3fe0\System.Web.Entity.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\176672e0493bf60c3f734c993a07bb16\System.Web.Entity.Design.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\95b2dbd5420314afcae0ebf2017c817e\System.Web.DynamicData.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\38841365902dc452c19f164174cf0b59\System.Web.DataVisualization.Design.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3ab33bf00cf828230466368599d7dc41\System.ServiceModel.Activation.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\423d873fc534c5a104683990f4644bfe\System.Runtime.Remoting.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\968743c11e050cfdeadad7846203ff59\System.Data.Services.Design.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\5801d526748d91c3b3ea51578a3dc7f4\ComSvcConfig.ni.exe
+ 2010-10-06 07:44 . 2010-10-06 07:44 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\cb88fc7083c5681f13db38fed0833824\AspNetMMCExt.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-06 07:43 . 2010-10-06 07:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-03-18 06:47 . 2010-03-18 06:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2010-09-21 19:55 . 2010-09-21 19:55 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2010-09-21 19:55 . 2010-09-21 19:55 5176144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
- 2010-03-22 19:32 . 2010-03-22 19:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-21 23:44 . 2010-09-21 23:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-04-01 01:42 . 2010-04-01 01:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 05:55 . 2010-09-23 05:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 01:42 . 2010-04-01 01:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 05:55 . 2010-09-23 05:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-03-31 04:50 . 2010-03-31 04:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-22 16:26 . 2010-09-22 16:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-22 16:25 . 2010-09-22 16:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-04-01 01:42 . 2010-04-01 01:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 05:55 . 2010-09-23 05:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2010-08-01 07:49 . 2010-08-01 07:49 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2010-10-06 07:39 . 2010-10-06 07:39 5176144 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-22 05:02 . 2010-09-22 05:02 4076032 c:\windows\Installer\d8fdb.msp
+ 2010-09-22 21:39 . 2010-09-22 21:39 4265472 c:\windows\Installer\d8fcc.msp
+ 2010-10-03 10:48 . 2010-10-03 10:48 3568640 c:\windows\Installer\47da8f9.msi
+ 2010-10-03 10:47 . 2010-10-03 10:47 3095552 c:\windows\Installer\47da8f2.msi
+ 2010-10-03 10:47 . 2010-10-03 10:47 3521536 c:\windows\Installer\47da8eb.msi
+ 2010-10-03 10:46 . 2010-10-03 10:46 4038656 c:\windows\Installer\47da8e5.msi
+ 2010-10-03 10:46 . 2010-10-03 10:46 3079168 c:\windows\Installer\47da8df.msi
+ 2010-10-03 10:46 . 2010-10-03 10:46 3078656 c:\windows\Installer\47da8d9.msi
+ 2010-10-03 10:45 . 2010-10-03 10:45 3346432 c:\windows\Installer\47da8d3.msi
+ 2010-10-03 10:44 . 2010-10-03 10:44 3084288 c:\windows\Installer\47da8cd.msi
+ 2010-10-03 10:44 . 2010-10-03 10:44 3211776 c:\windows\Installer\47da8c7.msi
+ 2010-10-03 10:42 . 2010-10-03 10:42 3180544 c:\windows\Installer\47da8c2.msi
+ 2010-10-06 07:34 . 2010-10-06 07:34 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_83bd883f\System.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_823bb1be\System.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_61dbcfa6\System.Xml.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_435a4516\System.Xml.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4925162b\System.Windows.Forms.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2a9518c5\System.Windows.Forms.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b0cdcf18\System.Drawing.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ee8bd873\System.Design.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c243ebf9\System.Design.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aa131c07\mscorlib.dll
+ 2010-10-06 07:34 . 2010-10-06 07:34 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_132e0ff9\mscorlib.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\7eb7c9925325af5ff8efe701816ce21b\System.WorkflowServices.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\e6a8093075513417293fa9c0cb0d3f15\System.Workflow.Runtime.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\d6754ff376c584b0b3f1a9ebff584d88\System.Workflow.Activities.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\6e204cb5a071f46729950d05a3b2a156\System.Web.Services.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\6723ea07781fc48d355011d3abb84926\System.Web.Mobile.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 3079168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\43d80c564ad9e44d1e85f571660eeaef\System.Web.Extensions.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\bdd7213eb34d213d5ec4b5a15d090164\System.Web.DataVisualization.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\efc766cd735063418f2b3bb68aea5000\System.ServiceModel.Web.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f9b19f1b5459ba4f1e168ea880c02ac2\System.Data.Services.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\a5771fc17441b1037cd89e35d041e4d8\System.Data.Entity.Design.ni.dll
+ 2010-10-06 07:45 . 2010-10-06 07:45 1133056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0da7e3dd322077d58c6e20b1dc44cd2c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d13674449b3ae21327820bddbd7e445f\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b0a15b4d745ba295fc0adb6d1a14b4e\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-06 07:43 . 2010-10-06 07:43 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-06 07:38 . 2010-10-06 07:38 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-02-04 06:33 . 2009-02-04 06:33 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-11 07:43 . 2010-08-11 07:43 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-06 07:35 . 2010-10-06 07:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-06 07:37 . 2010-10-06 07:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-11 07:44 . 2010-08-11 07:44 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 07:36 . 2010-10-06 07:36 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-09 17:08 . 2010-06-09 17:08 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-06 07:33 . 2010-10-06 07:33 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-09 17:08 . 2010-06-09 17:08 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-24 04:08 . 2010-09-24 04:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-09-23 21:08 . 2010-09-23 21:08 17518080 c:\windows\Installer\d8fc3.msp
+ 2010-10-06 07:45 . 2010-10-06 07:45 11917312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\14142c920eb5f6ee161521d15f01c71b\System.Web.ni.dll
+ 2010-10-06 07:40 . 2010-10-06 07:40 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\02afab1644fc00dc886dbcc4aa0fef1b\System.Design.ni.dll
+ 2010-10-06 07:44 . 2010-10-06 07:44 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-06 07:43 . 2010-10-06 07:43 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-06 07:40 . 2010-10-06 07:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-12 6658552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-14 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2010-03-12 925688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^VirtualExpander.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 05:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-03 15:43 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-08-31 22:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 02:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 19:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 23:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-14 11:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-02 07:17 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 01:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"updater.exe"= c:\windows\updater.exe
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56573:TCP"= 56573:TCP:Pando Media Booster
"56573:UDP"= 56573:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"57814:TCP"= 57814:TCP:Pando Media Booster
"57814:UDP"= 57814:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/08/2010 1:28 PM 95896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/04/2010 9:15 PM 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/04/2010 9:15 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/04/2010 9:15 PM 29560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/08/2010 2:16 PM 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/09/2008 1:49 PM 80392]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [14/06/2010 5:12 PM 10448]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/04/2010 9:15 PM 1284600]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [14/06/2010 5:30 PM 22016]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [22/10/2008 4:16 PM 3032360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/09/2008 11:57 AM 15144]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1c9c4a75eebe8f8;Google Update Service (gupdate1c9c4a75eebe8f8);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 4:39 PM 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14/06/2010 5:04 PM 90112]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/04/2010 9:15 PM 3360760]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5:46 AM 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/06/2010 5:32 PM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14/06/2010 3:25 PM 23456]
S3 esihdrv;esihdrv;\??\c:\docume~1\Jay\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Jay\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [14/06/2010 5:42 PM 9216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\198.tmp --> c:\windows\system32\198.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [14/06/2010 5:30 PM 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [14/06/2010 5:30 PM 17536]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [14/06/2010 5:04 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [14/06/2010 5:04 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [14/06/2010 5:04 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [14/06/2010 5:04 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [14/06/2010 5:04 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [14/06/2010 5:04 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [14/06/2010 5:04 PM 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/12/2008 4:24 PM 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-10-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 01:54]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 06:39]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 06:39]

2010-10-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\Jay\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.txt=
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\198.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-10-09 18:30:10
ComboFix-quarantined-files.txt 2010-10-09 08:30
ComboFix2.txt 2010-10-02 13:39

Pre-Run: 463,165,636,608 bytes free
Post-Run: 463,207,710,720 bytes free

- - End Of File - - DAAFB8FAEC1870E34899F31F6E803E6B


Hi,

NOD32 is still picking up the trojan, unfortunately.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 AM

Posted 09 October 2010 - 03:39 AM

Hello

Do you have access to another XP pro computer?

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in
      /md5start
      explorer.exe
      winlogon.exe
      /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 Jasetronaut

Jasetronaut
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:10 AM

Posted 09 October 2010 - 03:56 AM

Hi,

No, I don't have access to another XP pro computer.


OTL logfile created on: 9/10/2010 6:50:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.85 Gb Free Space | 72.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZANTETSU
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/09 18:47:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/05/19 06:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/06 19:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/18 17:37:49 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/13 06:10:20 | 003,064,824 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/03/13 06:10:16 | 006,658,552 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/08/24 22:01:56 | 004,067,328 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/05/01 15:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 17:17:28 | 002,473,984 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 18:47:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
MOD - [2010/03/13 06:10:20 | 000,948,728 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/14 22:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 22:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 22:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 22:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 22:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/06 19:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/01/15 11:14:01 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/09/30 18:56:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\penclass.sys -- (PenClass)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\198.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jay\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jay\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2010/10/09 18:41:52 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/06/14 15:25:57 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/30 18:56:24 | 006,032,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/22 18:30:22 | 000,222,672 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/03/18 19:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 19:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 19:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/13 05:39:10 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/03/13 05:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/03/13 05:38:54 | 000,226,680 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/01/15 11:10:14 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/11/18 09:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 09:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/12 12:10:54 | 000,029,440 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2009/09/14 22:48:30 | 004,477,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/19 08:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/08 08:02:52 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/08 08:02:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/16 19:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/12/15 16:40:13 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/09 16:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 22:00:00 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 22:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/17 13:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/01/15 12:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/11/29 12:46:08 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2007/11/29 12:46:08 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2007/04/04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007/04/04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007/04/04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007/04/04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.28
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 21:48:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 10:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/02 22:30:20 | 000,000,000 | ---D | M]

[2010/07/26 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions
[2010/07/26 14:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/09 15:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions
[2009/11/03 17:27:44 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2010/04/11 12:49:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/22 19:13:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/14 07:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 16:51:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/06/14 16:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\DeviceDetection@logitech.com
[2009/02/22 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\notebook@google.com
[2010/07/26 15:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Sunbird\Profiles\jy7y1fd7.default\extensions
[2010/07/28 20:13:24 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\web-search.xml
[2010/04/11 15:50:02 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\winamp-search.xml
[2009/02/21 09:05:39 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.gif
[2009/02/21 09:05:39 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.src
[2009/02/21 09:05:38 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.xml
[2010/10/09 15:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/14 08:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/03/13 13:13:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 13:13:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 13:13:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 19:05:24 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010/03/13 13:13:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/09 18:25:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1254574203234 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 12:17:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/09 18:47:35 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
[2010/10/09 18:09:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/02 23:33:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/02 23:31:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/02 23:31:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/02 23:31:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/02 23:31:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/02 22:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/02 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/02 22:21:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jay\Recent
[2010/10/02 12:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/02 12:34:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/30 15:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2010/09/30 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\VOWSoft iPod Software
[2010/09/27 11:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Lists
[2010/09/27 11:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Money
[2010/09/27 11:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Health
[2010/09/27 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Styling + Grooming
[2010/09/27 11:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Job Stuff
[2010/09/27 11:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\University
[2010/09/27 11:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\E-Books
[2010/09/27 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Customisation
[2010/09/26 20:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Yahoo!
[2010/09/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/09/26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/26 19:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Malwarebytes
[2010/09/26 19:31:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/26 19:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/26 19:31:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/26 19:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 14:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\MagicSoftware
[2010/09/12 14:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2010/09/12 14:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2010/09/12 14:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Ashampoo
[2010/09/12 14:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\ashampoo
[2010/09/12 14:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/09/12 14:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/09/08 21:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/08 21:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/03 13:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\City of Heroes
[2010/08/31 15:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/30 20:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\HandBrake
[2010/08/30 20:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\HandBrake
[2010/08/16 21:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\ooqquddcd
[2010/08/16 21:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\251194815B6086F231527487C167770E
[2010/08/14 15:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Vegetarian Stuff
[2010/08/13 23:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Oblivion
[2010/08/13 23:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\My Games
[2010/08/10 10:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\runic games
[2010/08/08 15:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/08/07 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/08/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\GamepotUSA
[2010/08/04 11:50:36 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/08/03 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2010/08/03 13:28:36 | 000,095,896 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010/08/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\cYo
[2010/08/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\cYo
[2010/08/01 17:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2010/08/01 17:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/30 20:49:35 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/30 20:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\BlackIsle
[2010/07/29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/07/26 15:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Talkback
[2010/07/26 14:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Thunderbird
[2010/07/26 14:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Thunderbird
[2010/07/26 14:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/07/26 14:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Sunbird
[2010/07/26 14:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\CBS Interactive
[2010/07/26 12:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Taxation
[2010/07/26 12:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Titan Backup
[2010/07/26 12:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/07/26 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\AVGTOOLBAR
[2010/07/16 17:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\ArcSoft
[2010/07/16 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/05/24 22:15:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jay\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/09 18:47:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
[2010/10/09 18:43:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/09 18:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 18:41:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 18:40:43 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/09 18:40:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 18:40:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 18:40:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 18:26:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/09 18:25:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/09 18:08:14 | 003,876,009 | R--- | M] () -- C:\Documents and Settings\Jay\Desktop\ComboFix.exe
[2010/10/09 17:39:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\RKUnhookerLE.EXE
[2010/10/09 17:29:43 | 000,544,256 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\dds.scr
[2010/10/09 17:29:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jay\defogger_reenable
[2010/10/09 17:27:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Defogger.exe
[2010/10/09 16:50:15 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/10/09 14:34:21 | 000,039,301 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\4153505_830133.jpg
[2010/10/09 09:46:31 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/08 22:13:32 | 000,186,454 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\66814_449735044039_537004039_5144966_97005_n.jpg
[2010/10/08 17:40:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Jay\.recently-used.xbel
[2010/10/07 16:12:23 | 000,089,707 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\10045255.gif
[2010/10/07 15:59:05 | 000,528,674 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\10317802.jpg
[2010/10/07 15:56:55 | 000,145,575 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\12653984_p4.jpg
[2010/10/07 15:56:55 | 000,081,127 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\13667887_m.jpg
[2010/10/07 15:52:49 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\7662092_m.jpg
[2010/10/06 19:14:29 | 000,039,916 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\6493_109445419039_537004039_2048371_2602939_n.jpg
[2010/10/06 19:14:00 | 000,057,878 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\29476_401853934039_537004039_4022400_6788997_n.jpg
[2010/10/06 17:39:45 | 000,600,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/06 17:39:45 | 000,516,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 17:39:45 | 000,092,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/03 20:50:21 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Adobe Flash CS4 Professional.lnk
[2010/10/03 20:03:04 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/10/03 13:41:30 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Steam.lnk
[2010/10/02 23:42:46 | 006,495,312 | -H-- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\IconCache.db
[2010/10/02 23:33:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/02 22:28:02 | 000,000,665 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/02 22:28:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/02 22:25:43 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Jay\NTUSER.DAT
[2010/10/02 22:25:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay\ntuser.ini
[2010/10/02 22:12:06 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/02 19:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 22:46:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\The Work of Art in the Age of Mechanical Reproduction by Walter Benjamin.doc
[2010/09/30 15:18:33 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPodRobot iPod Video Converter.lnk
[2010/09/27 12:10:47 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/27 12:08:05 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/27 12:07:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/09/27 11:50:49 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 01:49:12 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/26 20:43:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\CCleaner.lnk
[2010/09/26 19:31:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 09:59:19 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Star Wars Knights of the Old Republic.url
[2010/09/15 08:23:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/12 14:55:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Magic DVD Ripper.lnk
[2010/09/12 14:47:34 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/12 14:47:34 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/09 07:56:27 | 000,043,956 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/23 10:33:59 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Google Chrome.lnk
[2010/08/16 21:28:25 | 002,296,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/15 19:18:25 | 000,050,656 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/14 21:30:09 | 000,050,656 | ---- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/14 19:47:51 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010/08/01 17:58:27 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ComicRack.lnk
[2010/07/30 20:49:35 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/07/26 14:50:18 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag.lnk
[2010/07/26 14:38:24 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/07/16 15:53:56 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 17:39:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\RKUnhookerLE.EXE
[2010/10/09 17:29:39 | 000,544,256 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\dds.scr
[2010/10/09 17:29:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jay\defogger_reenable
[2010/10/09 17:27:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Defogger.exe
[2010/10/09 14:34:21 | 000,039,301 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\4153505_830133.jpg
[2010/10/08 22:13:32 | 000,186,454 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\66814_449735044039_537004039_5144966_97005_n.jpg
[2010/10/08 17:40:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jay\.recently-used.xbel
[2010/10/07 16:11:56 | 000,089,707 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\10045255.gif
[2010/10/07 15:54:19 | 000,081,127 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\13667887_m.jpg
[2010/10/07 15:53:59 | 000,145,575 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\12653984_p4.jpg
[2010/10/07 15:53:45 | 000,528,674 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\10317802.jpg
[2010/10/07 15:52:28 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\7662092_m.jpg
[2010/10/06 19:14:29 | 000,039,916 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\6493_109445419039_537004039_2048371_2602939_n.jpg
[2010/10/06 19:14:00 | 000,057,878 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\29476_401853934039_537004039_4022400_6788997_n.jpg
[2010/10/03 20:50:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Adobe Flash CS4 Professional.lnk
[2010/10/02 23:47:12 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/02 23:33:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/02 23:33:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/02 23:31:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/02 23:31:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/02 23:31:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/02 23:31:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/02 23:31:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/30 19:37:06 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\The Work of Art in the Age of Mechanical Reproduction by Walter Benjamin.doc
[2010/09/30 15:18:33 | 000,001,075 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPodRobot iPod Video Converter.lnk
[2010/09/27 12:10:47 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/27 12:08:05 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/27 12:07:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/09/27 01:49:12 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/26 20:48:51 | 003,876,009 | R--- | C] () -- C:\Documents and Settings\Jay\Desktop\ComboFix.exe
[2010/09/26 20:43:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\CCleaner.lnk
[2010/09/26 19:31:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 09:59:19 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Star Wars Knights of the Old Republic.url
[2010/09/12 14:55:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Magic DVD Ripper.lnk
[2010/09/12 14:36:57 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/12 14:36:57 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/09 07:52:46 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/23 10:33:59 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Google Chrome.lnk
[2010/08/14 00:39:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/08/07 16:50:26 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/01 17:58:27 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ComicRack.lnk
[2010/07/26 14:50:18 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag.lnk
[2010/07/26 14:38:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/07/16 15:53:56 | 000,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2010/07/09 13:27:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/06 19:48:39 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/06/14 17:37:19 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/05/16 12:22:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/07 12:59:41 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 13:16:35 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2009/05/24 22:15:44 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/05/24 22:15:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\pcouffin.cat
[2009/05/24 22:15:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\pcouffin.inf
[2009/05/08 08:02:52 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/08 08:02:51 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/02/07 13:18:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2009/01/24 15:46:23 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/08 23:47:51 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/12/16 09:44:39 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/15 16:59:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/24 14:22:25 | 000,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2008/10/23 13:22:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/10/06 15:26:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2008/09/04 18:35:01 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 14:07:11 | 000,002,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/09/04 14:07:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C826A71632.sys
[2008/09/03 13:33:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/02 22:21:29 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/02 22:21:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/24 02:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/24 02:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/14 22:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/02/26 15:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/10/02 22:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/12 14:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/06/15 18:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/02 17:33:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/02 22:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/25 19:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/09/12 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2009/01/25 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaWidget
[2009/02/07 13:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/03/16 20:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2010/04/06 21:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/04/11 12:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/12/24 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/05 22:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/08 23:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/05/08 08:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2010/08/09 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/30 10:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/30 15:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2009/03/29 00:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 11:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 23:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
[2009/10/03 13:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 20:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/09 17:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\.purple
[2010/09/26 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\251194815B6086F231527487C167770E
[2008/11/26 11:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ACD Systems
[2008/09/03 01:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Ambient Design
[2009/08/22 13:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Any Video Converter
[2010/09/12 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Ashampoo
[2010/08/02 16:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\AVGTOOLBAR
[2008/10/09 12:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Blender Foundation
[2008/09/03 17:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\BSD
[2010/06/23 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canon
[2010/06/22 22:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canon Easy-WebPrint EX
[2010/08/03 18:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CBS Interactive
[2009/05/24 21:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CDBurnerXP_Soft
[2010/08/02 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\cYo
[2008/12/15 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\DAEMON Tools
[2010/01/09 10:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ESET
[2010/06/15 18:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Facebook
[2009/08/01 00:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\FotoWire
[2010/10/07 16:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\gtk-2.0
[2010/08/30 20:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\HandBrake
[2009/01/25 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Inkscape
[2010/07/26 14:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\IObit
[2010/06/14 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Leadertech
[2010/05/04 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\LimeWire
[2010/03/16 20:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\MyHeritage
[2008/12/24 21:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Nokia
[2009/06/07 15:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OfficeUpdate12
[2010/04/06 21:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OnlineArmor
[2008/12/24 18:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\PC Suite
[2008/10/23 13:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\QQ Games Plugin
[2010/08/10 10:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\runic games
[2009/01/08 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ScanSoft
[2008/10/05 13:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SecondLife
[2010/06/14 16:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Teleca
[2010/05/07 12:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Template
[2010/07/26 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Thunderbird
[2010/02/01 15:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Tropico 3
[2008/10/06 17:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TrueCrypt
[2010/09/28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\uTorrent
[2009/05/30 00:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Vso
[2009/02/04 16:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Windows Desktop Search
[2009/10/11 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Windows Search
[2009/08/15 01:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Xilisoft Corporation
[2010/10/09 18:43:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=F1187D2E6A63E2FE1874525D1BBDFB05 -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=2B0B8B1C3793ECE69056835B829392F6 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >


OTL Extras logfile created on: 9/10/2010 6:50:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.85 Gb Free Space | 72.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZANTETSU
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56573:TCP" = 56573:TCP:*:Enabled:Pando Media Booster
"56573:UDP" = 56573:UDP:*:Enabled:Pando Media Booster
"57814:TCP" = 57814:TCP:*:Enabled:Pando Media Booster
"57814:UDP" = 57814:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56573:TCP" = 56573:TCP:*:Enabled:Pando Media Booster
"56573:UDP" = 56573:UDP:*:Enabled:Pando Media Booster
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"57814:TCP" = 57814:TCP:*:Enabled:Pando Media Booster
"57814:UDP" = 57814:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\GIGABYTE\EnergySaver\run.exe" = C:\Program Files\GIGABYTE\EnergySaver\run.exe:*:Enabled:update -- ()
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"updater.exe" = C:\windows\updater.exe -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe" = C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe:*:Enabled:The Elder Scrolls IV: Oblivion -- (Bethesda Softworks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\tropico 3\tropico3.exe" = C:\Program Files\Steam\steamapps\common\tropico 3\tropico3.exe:*:Enabled:Tropico 3 - Steam Special Edition -- (Haemimont Games)
"C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of the Old Republic -- (BioWare Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A67BAB4-DA03-D177-D2B3-5441D302D122}" = Catalyst Control Center Graphics Full New
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10CA5F88-BF0A-FE9E-3ACF-1F4D4AE99607}" = CCC Help French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{12187515-72A8-2585-151B-30C691570DEA}" = CCC Help Chinese Traditional
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15E2DDAB-4099-E15D-C0FB-2AFF6D0EEE35}" = ccc-utility
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{27EC691D-253C-4F23-9EB8-903794C995F6}" = Catalyst Control Center - Branding
"{2B89DB46-84E2-CA82-495E-186A749D12E7}" = CCC Help Finnish
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{310DC2DE-72D7-E291-BC52-31720021145E}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33B9AA7E-6994-5764-18E2-426F37788723}" = Skins
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{40484E0C-E898-4749-00AC-13F41720565B}" = CCC Help Chinese Standard
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BDF0BC2-1003-EEC1-0CAA-6DFD891E8FB5}" = Catalyst Control Center Graphics Full Existing
"{4E9F3002-6CB0-DC83-4652-E274720A8D32}" = CCC Help Dutch
"{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63707FC3-7B1E-0FB4-7234-7F417FA63690}" = Catalyst Control Center Graphics Light
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{667CDE63-7C87-ED7C-0CED-BA2531CB9272}" = ATI AVIVO Codecs
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73840172-AA77-F582-57A2-EC940019A03F}" = CCC Help Danish
"{7439807E-0C89-E942-50C6-FCAE6C3025D3}" = CCC Help Swedish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78DD0978-64ED-4745-A0D1-3C43B1E142D7}" = ATI Catalyst Install Manager
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{7FCE2B3F-56B6-97FE-F365-BC76DACB85F0}" = Catalyst Control Center Graphics Previews Common
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{867A797B-CD3F-9060-6394-9141BFB251A7}" = CCC Help Norwegian
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90A50A34-2B16-8494-15AB-20737B38B1ED}" = CCC Help Japanese
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.2
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFBB2DF4-26EC-5604-86B1-AECEDBAC6923}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1E033DF-001B-0232-36CB-D913AFFDD95D}" = CCC Help Spanish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8600BE3-6504-1101-5FA6-43DF1EF74D9F}" = CCC Help Italian
"{B885C9D8-9FB9-EB33-C8A0-CA93E63C1AC9}" = Catalyst Control Center Core Implementation
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB937F88-FA65-EDB6-A043-EA973D595FEB}" = Catalyst Control Center InstallProxy
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE2078E-5E93-BE20-ABC2-485D5F19FAC2}" = ccc-core-preinstall
"{BFE57A27-63A6-289C-0E75-E108E626A1A8}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4526CCC-CF15-4908-892F-37FAF69946A6}_is1" = nFLVPlayer
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE8EF0E4-1989-26B0-A364-629B8897609D}" = Catalyst Control Center Localization All
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Afterburner" = MSI Afterburner 1.5.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComicRack" = ComicRack v0.9.128
"Common-Use Signing Interface" = Common-Use Signing Interface
"Digital Editions" = Adobe Digital Editions
"DriverAgent.exe" = DriverAgent by eSupport.com
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FlashGet" = FlashGet 1.9.6.1073
"Game Booster_is1" = Game Booster
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"iPodRobot iPod Video Converter" = iPodRobot iPod Video Converter 5.0.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard)
"Liveupdate4_is1" = Liveupdate4
"Logitech Print Service" = Logitech Print Service
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Kombustor_is1" = MSI Kombustor v1.0.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 4.0
"Orb" = Winamp Remote
"Pen Tablet Driver" = Pen Tablet
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Rainlendar2" = Rainlendar2 (remove only)
"Smart Defrag_is1" = Smart Defrag
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SP6" = Logitech SetPoint 6.1
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 41500" = Torchlight
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2010 7:30:48 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/10/2010 7:30:48 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/10/2010 7:31:05 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/10/2010 12:06:13 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/10/2010 1:14:03 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1750665693-QkxaMDAwMitEOTAzQ0YqM0NBQjAxM0E3QjdCQkM3QzRBOQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 7/10/2010 2:00:39 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/10/2010 5:10:05 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1750665693-QkxaMDAwMitEOTAzQ0YqM0NBQjAxM0E3QjdCQkM3QzRBOQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 8/10/2010 11:21:14 PM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/10/2010 4:12:16 AM | Computer Name = ZANTETSU | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 9/10/2010 4:41:41 AM | Computer Name = ZANTETSU | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 6/10/2010 2:46:14 AM | Computer Name = ZANTETSU | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/10/2010 2:58:15 AM | Computer Name = ZANTETSU | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/10/2010 3:10:15 AM | Computer Name = ZANTETSU | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/10/2010 3:20:27 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6/10/2010 3:20:02 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd PenClass

Error - 9/10/2010 4:05:54 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 9/10/2010 4:12:19 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/10/2010 4:12:19 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The Sony Ericsson OMSI download service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/10/2010 4:41:00 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/10/2010 4:41:04 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd PenClass


< End of report >


#8 gringo_pr

Posted 09 October 2010 - 04:28 AM

Hello

I would like you to do a system restore to before this happened and let's HOPE it replaces those two files.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Jasetronaut

Posted 09 October 2010 - 04:40 AM

Hi Gringo,

It doesn't appear to have worked. I'm guessing this means I may have to end up reformatting my hard disk?

#10 gringo_pr

Posted 09 October 2010 - 06:18 AM

Hello

I am changing the search a little

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in
      /md5start
      explorer.*
      winlogon.*
      /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,
Gringo


#11 Jasetronaut

Posted 09 October 2010 - 06:33 AM

OTL logfile created on: 9/10/2010 9:27:01 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.63 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZANTETSU
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/09 21:25:27 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/05/19 06:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/06 19:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/18 17:37:49 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/13 06:10:20 | 003,064,824 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/03/13 06:10:16 | 006,658,552 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/08/24 22:01:56 | 004,067,328 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/05/01 15:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 17:17:28 | 002,473,984 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 21:25:27 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
MOD - [2010/03/13 06:10:20 | 000,948,728 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/14 22:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 22:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 22:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 22:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 22:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/06 19:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/01/15 11:14:01 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/09/30 18:56:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/05/01 15:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\penclass.sys -- (PenClass)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\198.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jay\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2010/10/09 19:36:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/06/14 15:25:57 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/30 18:56:24 | 006,032,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/22 18:30:22 | 000,222,672 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/03/18 19:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 19:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 19:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/13 05:39:10 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/03/13 05:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/03/13 05:38:54 | 000,226,680 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/01/15 11:10:14 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/11/18 09:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 09:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/12 12:10:54 | 000,029,440 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2009/09/14 22:48:30 | 004,477,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/19 08:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/08 08:02:52 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/08 08:02:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/16 19:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/12/15 16:40:13 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/09 16:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 22:00:00 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 22:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/17 13:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/01/15 12:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/11/29 12:46:08 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2007/11/29 12:46:08 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2007/04/04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007/04/04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007/04/04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007/04/04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.28
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 21:48:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 10:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/02 22:30:20 | 000,000,000 | ---D | M]

[2010/07/26 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions
[2010/07/26 14:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/09 15:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions
[2009/11/03 17:27:44 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2010/04/11 12:49:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/22 19:13:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/14 07:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 16:51:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/06/14 16:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\DeviceDetection@logitech.com
[2009/02/22 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\notebook@google.com
[2010/07/26 15:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Sunbird\Profiles\jy7y1fd7.default\extensions
[2010/07/28 20:13:24 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\web-search.xml
[2010/04/11 15:50:02 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\winamp-search.xml
[2009/02/21 09:05:39 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.gif
[2009/02/21 09:05:39 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.src
[2009/02/21 09:05:38 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\searchplugins\yahoo.xml
[2010/10/09 15:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/14 08:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/03/13 13:13:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 13:13:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 13:13:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 19:05:24 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010/03/13 13:13:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/09 18:25:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1254574203234 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 12:17:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/09 21:25:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/09 21:25:19 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
[2010/10/09 18:09:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/02 23:33:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/02 23:31:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/02 23:31:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/02 23:31:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/02 23:31:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/02 22:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/02 22:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/02 22:21:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jay\Recent
[2010/10/02 12:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/02 12:34:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/30 15:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2010/09/30 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\VOWSoft iPod Software
[2010/09/27 11:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Lists
[2010/09/27 11:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Money
[2010/09/27 11:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Health
[2010/09/27 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Styling + Grooming
[2010/09/27 11:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Job Stuff
[2010/09/27 11:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\University
[2010/09/27 11:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\E-Books
[2010/09/27 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Customisation
[2010/09/26 20:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Yahoo!
[2010/09/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/09/26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/26 19:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Malwarebytes
[2010/09/26 19:31:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/26 19:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/26 19:31:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/26 19:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 14:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\MagicSoftware
[2010/09/12 14:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2010/09/12 14:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2010/09/12 14:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Ashampoo
[2010/09/12 14:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\ashampoo
[2010/09/12 14:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/09/12 14:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/09/08 21:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/08 21:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/03 13:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\City of Heroes
[2010/08/31 15:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/30 20:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\HandBrake
[2010/08/30 20:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\HandBrake
[2010/08/16 21:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\ooqquddcd
[2010/08/16 21:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\251194815B6086F231527487C167770E
[2010/08/14 15:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Vegetarian Stuff
[2010/08/13 23:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Oblivion
[2010/08/13 23:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\My Games
[2010/08/10 10:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\runic games
[2010/08/08 15:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/08/07 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/08/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\GamepotUSA
[2010/08/04 11:50:36 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/08/03 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2010/08/03 13:28:36 | 000,095,896 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010/08/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\cYo
[2010/08/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\cYo
[2010/08/01 17:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2010/08/01 17:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/30 20:49:35 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/30 20:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\BlackIsle
[2010/07/29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/07/26 15:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Talkback
[2010/07/26 14:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Thunderbird
[2010/07/26 14:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Thunderbird
[2010/07/26 14:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/07/26 14:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Sunbird
[2010/07/26 14:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\CBS Interactive
[2010/07/26 12:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\My Documents\Taxation
[2010/07/26 12:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Titan Backup
[2010/07/26 12:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/07/26 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\AVGTOOLBAR
[2010/07/16 17:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\ArcSoft
[2010/07/16 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/05/24 22:15:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jay\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/09 21:25:27 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
[2010/10/09 20:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 20:09:22 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/10/09 19:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/09 19:39:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/09 19:36:56 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/09 19:36:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 19:36:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 19:36:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 19:36:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 19:33:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay\ntuser.ini
[2010/10/09 19:33:43 | 007,027,708 | -H-- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\IconCache.db
[2010/10/09 18:26:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/09 18:25:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/09 18:08:14 | 003,876,009 | R--- | M] () -- C:\Documents and Settings\Jay\Desktop\ComboFix.exe
[2010/10/09 17:39:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\RKUnhookerLE.EXE
[2010/10/09 17:29:43 | 000,544,256 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\dds.scr
[2010/10/09 17:29:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jay\defogger_reenable
[2010/10/09 17:27:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Defogger.exe
[2010/10/09 14:34:21 | 000,039,301 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\4153505_830133.jpg
[2010/10/09 09:46:31 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/08 22:13:32 | 000,186,454 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\66814_449735044039_537004039_5144966_97005_n.jpg
[2010/10/08 17:40:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Jay\.recently-used.xbel
[2010/10/07 16:12:23 | 000,089,707 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\10045255.gif
[2010/10/07 15:59:05 | 000,528,674 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\10317802.jpg
[2010/10/07 15:56:55 | 000,145,575 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\12653984_p4.jpg
[2010/10/07 15:56:55 | 000,081,127 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\13667887_m.jpg
[2010/10/07 15:52:49 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\7662092_m.jpg
[2010/10/06 19:14:29 | 000,039,916 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\6493_109445419039_537004039_2048371_2602939_n.jpg
[2010/10/06 19:14:00 | 000,057,878 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\29476_401853934039_537004039_4022400_6788997_n.jpg
[2010/10/06 17:39:45 | 000,600,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/06 17:39:45 | 000,516,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 17:39:45 | 000,092,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/03 20:50:21 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Adobe Flash CS4 Professional.lnk
[2010/10/03 20:03:04 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/10/03 13:41:30 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Steam.lnk
[2010/10/02 23:33:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/02 23:31:20 | 009,166,848 | ---- | M] () -- C:\Documents and Settings\Jay\ntuser.dat
[2010/10/02 22:28:02 | 000,000,665 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/02 22:28:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/02 22:12:06 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/30 22:46:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\The Work of Art in the Age of Mechanical Reproduction by Walter Benjamin.doc
[2010/09/30 15:18:33 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPodRobot iPod Video Converter.lnk
[2010/09/27 12:10:47 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/27 12:08:05 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/27 12:07:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/09/27 11:50:49 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 01:49:12 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/26 20:43:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\CCleaner.lnk
[2010/09/26 19:31:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 09:59:19 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Star Wars Knights of the Old Republic.url
[2010/09/15 08:23:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/12 14:55:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Magic DVD Ripper.lnk
[2010/09/12 14:47:34 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/12 14:47:34 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/09 07:56:27 | 000,043,956 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/23 10:33:59 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\Jay\Desktop\Google Chrome.lnk
[2010/08/16 21:28:25 | 002,296,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/15 19:18:25 | 000,050,656 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/14 21:30:09 | 000,050,656 | ---- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/14 19:47:51 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010/08/01 17:58:27 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ComicRack.lnk
[2010/07/30 20:49:35 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/07/26 14:50:18 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag.lnk
[2010/07/26 14:38:24 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/07/16 15:53:56 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 17:39:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\RKUnhookerLE.EXE
[2010/10/09 17:29:39 | 000,544,256 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\dds.scr
[2010/10/09 17:29:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jay\defogger_reenable
[2010/10/09 17:27:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Defogger.exe
[2010/10/09 14:34:21 | 000,039,301 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\4153505_830133.jpg
[2010/10/08 22:13:32 | 000,186,454 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\66814_449735044039_537004039_5144966_97005_n.jpg
[2010/10/08 17:40:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jay\.recently-used.xbel
[2010/10/07 16:11:56 | 000,089,707 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\10045255.gif
[2010/10/07 15:54:19 | 000,081,127 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\13667887_m.jpg
[2010/10/07 15:53:59 | 000,145,575 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\12653984_p4.jpg
[2010/10/07 15:53:45 | 000,528,674 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\10317802.jpg
[2010/10/07 15:52:28 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\7662092_m.jpg
[2010/10/06 19:14:29 | 000,039,916 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\6493_109445419039_537004039_2048371_2602939_n.jpg
[2010/10/06 19:14:00 | 000,057,878 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\29476_401853934039_537004039_4022400_6788997_n.jpg
[2010/10/03 20:50:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Adobe Flash CS4 Professional.lnk
[2010/10/02 23:47:12 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/02 23:33:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/02 23:33:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/02 23:31:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/02 23:31:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/02 23:31:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/02 23:31:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/02 23:31:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/02 23:31:19 | 009,166,848 | ---- | C] () -- C:\Documents and Settings\Jay\ntuser.dat
[2010/09/30 19:37:06 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\The Work of Art in the Age of Mechanical Reproduction by Walter Benjamin.doc
[2010/09/30 15:18:33 | 000,001,075 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPodRobot iPod Video Converter.lnk
[2010/09/27 12:10:47 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/27 12:08:05 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/27 12:07:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/09/27 01:49:12 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/26 20:48:51 | 003,876,009 | R--- | C] () -- C:\Documents and Settings\Jay\Desktop\ComboFix.exe
[2010/09/26 20:43:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\CCleaner.lnk
[2010/09/26 19:31:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 09:59:19 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Star Wars Knights of the Old Republic.url
[2010/09/12 14:55:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Magic DVD Ripper.lnk
[2010/09/12 14:36:57 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/12 14:36:57 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2010/09/09 07:52:46 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/23 10:33:59 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Google Chrome.lnk
[2010/08/14 00:39:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/08/07 16:50:26 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/01 17:58:27 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ComicRack.lnk
[2010/07/26 14:50:18 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag.lnk
[2010/07/26 14:38:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/07/16 15:53:56 | 000,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2010/07/09 13:27:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/06 19:48:39 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/06/14 17:37:19 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/05/16 12:22:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/07 12:59:41 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 13:16:35 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2009/05/24 22:15:44 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/05/24 22:15:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\pcouffin.cat
[2009/05/24 22:15:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jay\Application Data\pcouffin.inf
[2009/05/08 08:02:52 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/08 08:02:51 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/02/07 13:18:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2009/01/24 15:46:23 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/08 23:47:51 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/12/16 09:44:39 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/15 16:59:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/24 14:22:25 | 000,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2008/10/23 13:22:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/10/06 15:26:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2008/09/04 18:35:01 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 14:07:11 | 000,002,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/09/04 14:07:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C826A71632.sys
[2008/09/03 13:33:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/02 22:21:29 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/02 22:21:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/24 02:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/24 02:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/14 22:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/02/26 15:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/10/02 22:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/12 14:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/06/15 18:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/02 17:33:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/02 22:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/25 19:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/09/12 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2009/01/25 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaWidget
[2009/02/07 13:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/03/16 20:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2010/04/06 21:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/04/11 12:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/12/24 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/05 22:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/08 23:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/05/08 08:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2010/08/09 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/30 10:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/30 15:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2009/03/29 00:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 11:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 23:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
[2009/10/03 13:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 20:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/09 17:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\.purple
[2010/09/26 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\251194815B6086F231527487C167770E
[2008/11/26 11:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ACD Systems
[2008/09/03 01:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Ambient Design
[2009/08/22 13:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Any Video Converter
[2010/09/12 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Ashampoo
[2010/08/02 16:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\AVGTOOLBAR
[2008/10/09 12:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Blender Foundation
[2008/09/03 17:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\BSD
[2010/06/23 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canon
[2010/06/22 22:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canon Easy-WebPrint EX
[2010/08/03 18:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CBS Interactive
[2009/05/24 21:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CDBurnerXP_Soft
[2010/08/02 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\cYo
[2008/12/15 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\DAEMON Tools
[2010/01/09 10:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ESET
[2010/06/15 18:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Facebook
[2009/08/01 00:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\FotoWire
[2010/10/07 16:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\gtk-2.0
[2010/08/30 20:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\HandBrake
[2009/01/25 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Inkscape
[2010/07/26 14:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\IObit
[2010/06/14 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Leadertech
[2010/05/04 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\LimeWire
[2010/03/16 20:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\MyHeritage
[2008/12/24 21:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Nokia
[2009/06/07 15:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OfficeUpdate12
[2010/04/06 21:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OnlineArmor
[2008/12/24 18:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\PC Suite
[2008/10/23 13:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\QQ Games Plugin
[2010/08/10 10:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\runic games
[2009/01/08 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ScanSoft
[2008/10/05 13:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SecondLife
[2010/06/14 16:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Teleca
[2010/05/07 12:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Template
[2010/07/26 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Thunderbird
[2010/02/01 15:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Tropico 3
[2008/10/06 17:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TrueCrypt
[2010/09/28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\uTorrent
[2009/05/30 00:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Vso
[2009/02/04 16:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Windows Desktop Search
[2009/10/11 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Windows Search
[2009/08/15 01:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Xilisoft Corporation
[2010/10/09 19:39:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=F1187D2E6A63E2FE1874525D1BBDFB05 -- C:\WINDOWS\explorer.exe

< MD5 for: EXPLORER.GIF >
[2008/07/22 09:22:18 | 000,001,054 | ---- | M] () MD5=678B9EABF7493254CDB7F86E98AFAFD7 -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Studios\Sync Studio\Images\Explorer.gif

< MD5 for: EXPLORER.SCF >
[2008/04/14 22:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: WINLOGON.EXE >
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=2B0B8B1C3793ECE69056835B829392F6 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >

OTL Extras logfile created on: 9/10/2010 9:27:01 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.63 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZANTETSU
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56573:TCP" = 56573:TCP:*:Enabled:Pando Media Booster
"56573:UDP" = 56573:UDP:*:Enabled:Pando Media Booster
"57814:TCP" = 57814:TCP:*:Enabled:Pando Media Booster
"57814:UDP" = 57814:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56573:TCP" = 56573:TCP:*:Enabled:Pando Media Booster
"56573:UDP" = 56573:UDP:*:Enabled:Pando Media Booster
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"57814:TCP" = 57814:TCP:*:Enabled:Pando Media Booster
"57814:UDP" = 57814:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\GIGABYTE\EnergySaver\run.exe" = C:\Program Files\GIGABYTE\EnergySaver\run.exe:*:Enabled:update -- ()
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"updater.exe" = C:\windows\updater.exe -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe" = C:\Program Files\Steam\steamapps\common\oblivion\OblivionLauncher.exe:*:Enabled:The Elder Scrolls IV: Oblivion -- (Bethesda Softworks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\tropico 3\tropico3.exe" = C:\Program Files\Steam\steamapps\common\tropico 3\tropico3.exe:*:Enabled:Tropico 3 - Steam Special Edition -- (Haemimont Games)
"C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of the Old Republic -- (BioWare Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A67BAB4-DA03-D177-D2B3-5441D302D122}" = Catalyst Control Center Graphics Full New
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10CA5F88-BF0A-FE9E-3ACF-1F4D4AE99607}" = CCC Help French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{12187515-72A8-2585-151B-30C691570DEA}" = CCC Help Chinese Traditional
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15E2DDAB-4099-E15D-C0FB-2AFF6D0EEE35}" = ccc-utility
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{27EC691D-253C-4F23-9EB8-903794C995F6}" = Catalyst Control Center - Branding
"{2B89DB46-84E2-CA82-495E-186A749D12E7}" = CCC Help Finnish
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{310DC2DE-72D7-E291-BC52-31720021145E}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33B9AA7E-6994-5764-18E2-426F37788723}" = Skins
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{40484E0C-E898-4749-00AC-13F41720565B}" = CCC Help Chinese Standard
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BDF0BC2-1003-EEC1-0CAA-6DFD891E8FB5}" = Catalyst Control Center Graphics Full Existing
"{4E9F3002-6CB0-DC83-4652-E274720A8D32}" = CCC Help Dutch
"{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{63707FC3-7B1E-0FB4-7234-7F417FA63690}" = Catalyst Control Center Graphics Light
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{667CDE63-7C87-ED7C-0CED-BA2531CB9272}" = ATI AVIVO Codecs
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73840172-AA77-F582-57A2-EC940019A03F}" = CCC Help Danish
"{7439807E-0C89-E942-50C6-FCAE6C3025D3}" = CCC Help Swedish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78DD0978-64ED-4745-A0D1-3C43B1E142D7}" = ATI Catalyst Install Manager
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{7FCE2B3F-56B6-97FE-F365-BC76DACB85F0}" = Catalyst Control Center Graphics Previews Common
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{867A797B-CD3F-9060-6394-9141BFB251A7}" = CCC Help Norwegian
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90A50A34-2B16-8494-15AB-20737B38B1ED}" = CCC Help Japanese
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.2
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFBB2DF4-26EC-5604-86B1-AECEDBAC6923}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1E033DF-001B-0232-36CB-D913AFFDD95D}" = CCC Help Spanish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8600BE3-6504-1101-5FA6-43DF1EF74D9F}" = CCC Help Italian
"{B885C9D8-9FB9-EB33-C8A0-CA93E63C1AC9}" = Catalyst Control Center Core Implementation
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB937F88-FA65-EDB6-A043-EA973D595FEB}" = Catalyst Control Center InstallProxy
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE2078E-5E93-BE20-ABC2-485D5F19FAC2}" = ccc-core-preinstall
"{BFE57A27-63A6-289C-0E75-E108E626A1A8}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4526CCC-CF15-4908-892F-37FAF69946A6}_is1" = nFLVPlayer
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE8EF0E4-1989-26B0-A364-629B8897609D}" = Catalyst Control Center Localization All
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Afterburner" = MSI Afterburner 1.5.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComicRack" = ComicRack v0.9.128
"Common-Use Signing Interface" = Common-Use Signing Interface
"Digital Editions" = Adobe Digital Editions
"DriverAgent.exe" = DriverAgent by eSupport.com
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FlashGet" = FlashGet 1.9.6.1073
"Game Booster_is1" = Game Booster
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"iPodRobot iPod Video Converter" = iPodRobot iPod Video Converter 5.0.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard)
"Liveupdate4_is1" = Liveupdate4
"Logitech Print Service" = Logitech Print Service
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Kombustor_is1" = MSI Kombustor v1.0.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 4.0
"Orb" = Winamp Remote
"Pen Tablet Driver" = Pen Tablet
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Rainlendar2" = Rainlendar2 (remove only)
"Smart Defrag_is1" = Smart Defrag
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SP6" = Logitech SetPoint 6.1
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 41500" = Torchlight
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2010 1:14:03 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1750665693-QkxaMDAwMitEOTAzQ0YqM0NBQjAxM0E3QjdCQkM3QzRBOQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 7/10/2010 2:00:39 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/10/2010 5:10:05 AM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1750665693-QkxaMDAwMitEOTAzQ0YqM0NBQjAxM0E3QjdCQkM3QzRBOQ==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 8/10/2010 11:21:14 PM | Computer Name = ZANTETSU | Source = Bonjour Service | ID = 100
Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/10/2010 4:12:16 AM | Computer Name = ZANTETSU | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 9/10/2010 4:41:41 AM | Computer Name = ZANTETSU | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 9/10/2010 5:36:39 AM | Computer Name = ZANTETSU | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 9/10/2010 5:36:40 AM | Computer Name = ZANTETSU | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 9/10/2010 5:36:40 AM | Computer Name = ZANTETSU | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 9/10/2010 5:36:45 AM | Computer Name = ZANTETSU | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

[ System Events ]
Error - 9/10/2010 4:05:54 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 9/10/2010 4:12:19 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/10/2010 4:12:19 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The Sony Ericsson OMSI download service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/10/2010 4:41:00 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/10/2010 4:41:04 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd PenClass

Error - 9/10/2010 5:33:39 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/10/2010 5:36:07 AM | Computer Name = ZANTETSU | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80092003 Error description: An error occurred while reading or writing to
a file. Signatures loading: %%825 Loading signature version: 1.91.1122.0 Loading
engine version: 1.1.6201.0

Error - 9/10/2010 5:36:34 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/10/2010 5:36:39 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd PenClass

Error - 9/10/2010 5:37:07 AM | Computer Name = ZANTETSU | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).


< End of report >



#12 gringo_pr


Posted 10 October 2010 - 01:47 AM

Hello

You need to find a friend that has XP SP2 so you can copy these two files to a jump drive:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
SRPeek::
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo



#13 gringo_pr


Posted 13 October 2010 - 09:10 PM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#14 Jasetronaut


Posted 13 October 2010 - 09:46 PM

Hi Gringo,

Sorry about the delay, yes I would still like your help, though I don't have access to another machine that I can copy the files from to a jump drive. My system is still infected.


ComboFix 10-10-12.03 - Jay 14/10/2010 12:27:26.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1370 [GMT 10:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-12 16:11 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D1D0345D-83BC-4C4F-A0F4-3B74769A1D18}\mpengine.dll
2010-10-11 01:19 . 2010-09-22 08:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-09 09:34 . 2010-10-09 09:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-02 12:43 . 2010-10-02 12:43 -------- d-----w- c:\program files\Sophos
2010-10-02 12:30 . 2010-10-02 12:30 -------- d-----w- c:\program files\ESET
2010-09-30 05:18 . 2010-09-30 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\VOWSoft
2010-09-30 05:18 . 2010-09-30 05:18 -------- d-----w- c:\program files\VOWSoft iPod Software
2010-09-26 10:43 . 2010-09-26 10:43 -------- d-----w- c:\documents and settings\Jay\Application Data\Yahoo!
2010-09-26 10:43 . 2010-09-26 11:07 -------- d-----w- c:\program files\Yahoo!
2010-09-26 10:43 . 2010-09-26 10:43 -------- d-----w- c:\program files\CCleaner
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\documents and settings\Jay\Application Data\Malwarebytes
2010-09-26 09:31 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-26 09:31 . 2010-09-26 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 09:31 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-04-14 . 2B0B8B1C3793ECE69056835B829392F6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . F1187D2E6A63E2FE1874525D1BBDFB05 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-12 6658552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-14 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2010-03-12 925688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^VirtualExpander.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 05:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-03 15:43 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
c:\program files\Google\Google Talk\googletalk.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-08-31 22:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
c:\program files\Logitech\Video\ISStart.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
c:\program files\Logitech\Video\ManifestEngine.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
c:\program files\Logitech\Video\ISStart.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
c:\program files\Logitech\Video\LogiTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
c:\windows\system32\LVCOMSX.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSI Live]
c:\program files\MSI\MSI Live\SetWallpaper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\windows\system32\NeroCheck.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 02:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
c:\program files\CyberLink\PowerDVD8\Language\Language.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
c:\program files\PeerGuardian2\pg2.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 19:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 23:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-14 11:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-02 07:17 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 01:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"updater.exe"= c:\windows\updater.exe
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56573:TCP"= 56573:TCP:Pando Media Booster
"56573:UDP"= 56573:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"57814:TCP"= 57814:TCP:Pando Media Booster
"57814:UDP"= 57814:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/08/2010 1:28 PM 95896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/04/2010 9:15 PM 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/04/2010 9:15 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/04/2010 9:15 PM 29560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/08/2010 2:16 PM 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/09/2008 1:49 PM 80392]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [14/06/2010 5:12 PM 10448]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/04/2010 9:15 PM 1284600]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [14/06/2010 5:30 PM 22016]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [22/10/2008 4:16 PM 3032360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/09/2008 11:57 AM 15144]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1c9c4a75eebe8f8;Google Update Service (gupdate1c9c4a75eebe8f8);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 4:39 PM 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14/06/2010 5:04 PM 90112]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/04/2010 9:15 PM 3360760]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5:46 AM 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/06/2010 5:32 PM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14/06/2010 3:25 PM 23456]
S3 esihdrv;esihdrv;\??\c:\docume~1\Jay\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Jay\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [14/06/2010 5:42 PM 9216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\198.tmp --> c:\windows\system32\198.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [14/06/2010 5:30 PM 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [14/06/2010 5:30 PM 17536]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [14/06/2010 5:04 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [14/06/2010 5:04 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [14/06/2010 5:04 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [14/06/2010 5:04 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [14/06/2010 5:04 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [14/06/2010 5:04 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [14/06/2010 5:04 PM 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/12/2008 4:24 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 01:54]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 06:39]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 06:39]

2010-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\Jay\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\so3wpbc8.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\198.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-10-14 12:44:30
ComboFix-quarantined-files.txt 2010-10-14 02:44
ComboFix2.txt 2010-10-09 08:30
ComboFix3.txt 2010-10-02 13:39

Pre-Run: 457,913,163,776 bytes free
Post-Run: 457,903,652,864 bytes free

- - End Of File - - AD57448914A3FCF814FA0471A4A981A5


#15 gringo_pr

Posted 14 October 2010 - 08:54 AM

Hello

we need to find a friend


Gringo
